Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Worm exploits tsunami to spread virus


  • Please log in to reply
1 reply to this topic

#1 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:06 AM

Posted 18 January 2005 - 05:14 AM

Worm exploits tsunami to spread virus.

A mass e-mail posing as a plea for aid to help the victims of last month's Asian tsunami disaster is actually a vehicle for spreading a computer virus, Web security firm Sophos said Monday.

The worm appears with the subject line: "Tsunami donation! Please help!" and invites recipients to open an attachment called "tsunami.exe"--which, if opened, will forward the virus to other Internet users.

Sophos recommends recipients delete the mails and do not open the attachments.


Complete Reuters article with details
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

BC AdBot (Login to Remove)

 


#2 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:11:06 AM

Posted 18 January 2005 - 08:47 PM

There are various phishing scams and now even a virus that centers on this tragic situation. This is the darker side of the security profession and hopefully not too many folks will be impacted by these new virus

Zar.A worm - Pretends to be Tsunami Relief Donation Form
http://vil.nai.com/vil/content/v_130860.htm
http://www.f-secure.com/v-descs/zar_a.shtml
http://www.sarc.com/avcenter/venc/data/w32.zar.a@mm.html
http://www.trendmicro.com/vinfo/virusencyc...Name=WORM_ZAR.A
http://secunia.com/virus_information/3249/zar.a/

WORM_ZAR.A propagates via email using its own Messaging Application Programming Interface (MAPI) engine. It uses email addresses gathered from Microsoft Outlook as its recepients. This worm also has the ability to perform a distributed denial of service attack on a Web site. This Visual Basic-compiled worm runs on all Windows platforms (95, 98, ME, NT, 2000, and XP).

The format of email messages are:

Subject: Tsunami Donation! Please help!
Body: Please help us with your donation and view the attachment below! We need you!
Attachment: tsunami.exe


I would still encourage folks to give to this very worthy cause, but to also be careful in the process, as noted by another example below:

F-Secure notes a fake Red Cross site was taken offline
http://www.f-secure.com/weblog/

Edited by harrywaldron, 18 January 2005 - 08:48 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users