New Virus?


4 replies to this topic

#1 Baloo


Posted 12 April 2007 - 10:15 AM

I just received an e-mail with the following attachment PATCH-9743.zip. The file is an executable that is encrypted. I have scanned it with McAfee and it came up with nothing because of the encryption. Anybody else seen this or have any insight into what it is? It was sent to one of my users in her e-mail the address I have used DNS Stuff.com to check out the originating address and it seems to have been sent from a Technology Skills school in Missouri. More information, I tried to unzip the file so I could see if I could have a look at the code and there is a password on the zip file?! Makes no sense that someone would write malicious code and then password protect it unless they were planning to hack into the machine that has the code on it.


//Mod edit to remove email address to protect from spam.

Edited by KoanYorel, 13 April 2007 - 06:03 AM.

When life hands you lemons squeeze the lemon juice right in his eye!


#2 fozzie


Posted 13 April 2007 - 02:13 AM

Please upload the files at Jotti or VirusTotal and post back the result.

#3 KoanYorel


Posted 13 April 2007 - 06:00 AM

Hi Baloo,

Your email may have been a mis-send by a tech school student.

I'm PMing you the email addy of the site listed web manager.

I'd contact them and ask who, what & why.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 The Kid


Posted 13 April 2007 - 07:49 AM

What it is is apparently a new variation of an old virus. I know this because apparently somebody at my work got it on their computer. I'm not really sure of what the symptoms are, but I do know it's a virus of some sort.

#5 buddy215


Posted 13 April 2007 - 10:53 AM

New Storm Worm Outbreak Blasting The Internet

The latest variant is dangerous because it's encrypted to hide from antivirus programs and uses a hard-to-squash peer-to-peer network.

By Sharon Gaudin
InformationWeek
Apr 13, 2007 06:05 AM

The virulent Storm worm that blasted its way across the Internet in January has reared its ugly head again.

A variant of the Storm worm hit hard in a widespread spam campaign on Thursday. The Internet Storm Center reported detecting at least 20,000 infections today. Patrick Martin, a senior product manager with the Security Response Team at Symantec, said they received several hundred reports of the malicious e-mail making the rounds.

"This is potentially a huge problem," said Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center. "It's basically impossible to shut this thing down.... And once a user is infected, it's very hard to get rid of it. They would probably have to reinstall their system."

The outbreak starts with a wide-ranging spam attack that is littering e-mail inboxes around the globe. The e-mail has subject lines like "Worm Alert," "Virus Alert," "Worm Activity Detected!" and "Dream of You." Some of the subject lines even use the word "love" or promise a patch for "new bug." Martin said the spam generator is changing the subject lines on a regular basis to throw off users and antivirus vendors.

Inside the e-mail is an image and an encrypted zip file. The image has the password needed to open the zip file.

Unlike the original Storm malware, which was hidden in an executable file, this one is hidden in the encrypted zip file. Ullrich explained in an interview that means it's much more difficult for antivirus software to detect the malicious code. If they can't detect it, they can't stop it.

If a user opens the file, his machine is infected with the malware and it then connects to a peer-to-peer

http://www.informationweek.com/security/sh...cleID=199000691

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
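An added example, not part of the thread or the quoted article: a mail-gateway style check for the situation described above, where a scanner reports nothing because the ZIP attachment is encrypted. It reads the ZIP central directory, where the encryption flag is stored and where traditional ZIP encryption leaves entry names in cleartext. The sample message, the inner file name `sample.exe`, the extension list and the quarantine policy are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed policy list

def make_sample_zip(inner_name, encrypted):
    """Constructed sample: a ZIP whose entry is optionally marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(inner_name, b"constructed placeholder bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.find(b"PK\x01\x02")  # central directory file header
        data[cd + 8] |= 0x01           # general-purpose flag bit 0 = encrypted
    return bytes(data)

def build_sample_message(encrypted=True):
    """Constructed message shaped like the one described: image plus ZIP."""
    msg = EmailMessage()
    msg["Subject"] = "Worm Alert"
    msg.set_content("constructed body")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="note.gif")
    msg.add_attachment(make_sample_zip("sample.exe", encrypted), maintype="application",
                       subtype="zip", filename="PATCH-9743.zip")
    return msg.as_bytes()

def inspect_message(raw):
    """Return one finding per ZIP attachment; nothing is decrypted or extracted."""
    msg = message_from_bytes(raw, policy=policy.default)
    has_image = any(p.get_content_maintype() == "image" for p in msg.walk())
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            infos = zf.infolist()  # central directory only, no password needed
        encrypted = any(i.flag_bits & 0x1 for i in infos)
        findings.append({
            "attachment": part.get_filename(),
            "encrypted": encrypted,  # the scanner cannot see this content
            "executables": [i.filename for i in infos if i.filename.lower().endswith(EXEC_EXT)],
            "image_in_same_mail": has_image,
            "quarantine": encrypted,  # assumed policy: hold what cannot be scanned
        })
    return findings
```

Calling `inspect_message(build_sample_message())` returns one finding for `PATCH-9743.zip` with the encrypted flag set, so the attachment can be held even though a signature scan of the archive comes back clean.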




