Aces High Bulletin Board

General Forums => The O' Club => Topic started by: 1K0N on March 03, 2004, 09:52:04 AM

Title: Virus Alert
Post by: 1K0N on March 03, 2004, 09:52:04 AM
W32.Beagle.K@mm

Norton doesn't see the payload in the zip file... Yet....

IKON
Title: Virus Alert
Post by: Chairboy on March 03, 2004, 09:57:35 AM
Sure it does, who told you it doesn't?

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.k@mm.html
Title: Virus Alert
Post by: 1K0N on March 03, 2004, 10:01:56 AM
I watched it happen!
The latest definitions didn't catch it...

IKON
Title: Virus Alert
Post by: Chairboy on March 03, 2004, 10:07:04 AM
The writeup says to use special defs released this morning, you may want to run LiveUpdate again.  When an outbreak happens, the Symantec Response group jumps on it and releases new defs as soon as possible, usually within hours.
Title: Virus Alert
Post by: 1K0N on March 03, 2004, 10:08:10 AM
OK, yesterday's defs don't work, dated 03-02

A def update isn't available yet for 03-03


Thanks for pointing that out Chair...

IKON
Title: Virus Alert
Post by: Chairboy on March 03, 2004, 10:13:57 AM
Since the writeup says the 3-3 definitions fix it, that must mean that the definitions have been posted but haven't propagated out to the live servers yet.  It takes up to an hour to replicate, if I recall correctly.  Sometimes there's a small delay when it copies out onto the Akamai system too.

Try again in an hour, good catch!
Title: Virus Alert
Post by: Lizard3 on March 03, 2004, 10:15:21 AM
Don't some viruses block you from updating your virusware after it infects?
Title: Virus Alert
Post by: Chairboy on March 03, 2004, 10:18:09 AM
Quote
Originally posted by Lizard3
Don't some viruses block you from updating your virusware after it infects?


Fewer than you would imagine, but yes, Beagle.k is not one of them.
Title: Virus Alert
Post by: Wlfgng on March 03, 2004, 10:24:42 AM
attachment stripper saved us yesterday...
some people would have opened the virus-attachments otherwise.
Title: Virus Alert
Post by: Chairboy on March 03, 2004, 10:37:26 AM
Why do people still open these attachments?!  

Perhaps there SHOULD be licenses needed to use computers, because I keep seeing people that should have theirs taken away.   Really, there is no excuse for these infections that rely on the user opening an attachment.  We're not talking Code Red or Nimda, we're talking about attachments that people still double click.

:rolleyes:
Title: Virus Alert
Post by: Wlfgng on March 03, 2004, 10:46:25 AM
Sad but True...

I am constantly amazed.. hey, I even had the surreal happen.
our email was down for a while and when I got it back up I had a message in my inbox... yep...
"hey Nick, we can't send or receive emails.. can you come help?"

sigh


Yep, there should be a required test before they get logon credentials.. but sadly... no
Title: Virus Alert
Post by: Dowding on March 03, 2004, 10:51:15 AM
It's because the messages have such innocuous, but enticing names such as "Cum see Pammy's big knockers". That's very hard to resist, you must understand.
Title: Virus Alert
Post by: beet1e on March 03, 2004, 11:16:23 AM
Just now, I was sent the NetSky.D@mm virus. It's documented here: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html

It's a very recent virus - this version within the last two days. Norton detected it right away.
Title: Virus Alert
Post by: Mini D on March 03, 2004, 11:19:20 AM
Actually.. this one has emails such as:

from: Tech Support
Subj: E-mail password change notification

from: management@yourcompany.com (my favorite)
Subj: Important notice reguarding system security

from: systemadmin
Subj: mail undeliverable

It password protects the Zip file then gives the true adventurer the password for the zip file in the message body.  They squashed it pretty quickly yesterday, but a few people were hit by it... at least according to my in-box.  It's one of the first e-mail virus bugs that has found its way to my in-box in over a year.

MiniD
Title: Virus Alert
Post by: Mighty1 on March 03, 2004, 12:54:05 PM
The problem we have here is that we have educated people who are curious about the effects of a virus so even though they know the e-mail has a virus they open it up anyway just to see what it does.

We now strip all "scr pif zip com exe" from all e-mail.

Teachers can be the dumbest people around. (Excluding Kieren of course) wink wink!
Title: Virus Alert
Post by: Tarmac on March 03, 2004, 01:13:43 PM
I got this one today.  Sent from what appears to be a legit MSU address - staff@msu.edu.  I can see how people would fall for this.




From :  
Sent :  Wednesday, March 3, 2004 8:00 AM
To :  
Subject :  E-mail account security warning.
 
 

--------------------------------------------------------------------------------
 
Attachment :    Info.zip (17 KB)  
 
Dear user of Msu.edu,

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in  order to  keep your computer and  e-mail account safe,
please,  follow the instructions.

Pay  attention on attached  file.

For security reasons  attached file is password protected. The password is
"02847".

Best  wishes,
      The Msu.edu team                           http://www.msu.edu
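
Added example, not part of any post in this thread: a mail-gateway triage sketch combining the two defences mentioned above, the extension strip list ("scr pif zip com exe") and a content check for the password-protected zip whose password is given in the message body. The function names and the sample message are constructed for illustration; the sample zip only has its encryption flag set and carries no real payload.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the thread says are stripped from all mail.
BLOCKED_EXT = {"scr", "pif", "zip", "com", "exe"}

def zip_is_encrypted(data):
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(zi.flag_bits & 0x1 for zi in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return [(filename, [reasons])] for attachments that should be stripped."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = []
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED_EXT:
            reasons.append("blocked extension")
        # Content check: still fires if the archive has been renamed.
        if zip_is_encrypted(part.get_payload(decode=True) or b""):
            reasons.append("encrypted zip")
            if re.search(r"\bpassword\b", text, re.I):
                reasons.append("password in body")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample(encrypted=True, filename="Info.zip"):
    """Constructed message; the zip only has the encryption flag set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 1                             # local file header flags
        data[data.find(b"PK\x01\x02") + 8] |= 1  # central directory flags
    m = EmailMessage()
    m["Subject"] = "E-mail account security warning."
    m.set_content('The attached file is password protected. The password is "00000".')
    m.add_attachment(bytes(data), maintype="application", subtype="zip", filename=filename)
    return m.as_bytes()
```

The encrypted-zip check reads only the archive headers, so it works without knowing the password and without unpacking anything.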