Virus Alert

[1K0N]

W32.Beagle.K@mm

Norton doesn't see the payload in the zip file... Yet....

IKON

[Chairboy]

Sure it does, who told you it doesn't?

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.k@mm.html

[1K0N]

I watched it happen!
The latest definitions didn't catch it...

IKON

[Chairboy]

The writeup says to use special defs released this morning, you may want to run LiveUpdate again.  When an outbreak happens, the Symantec Response group jumps on it and releases new defs as soon as possible, usually within hours.

[1K0N]

OK yesterdays defs dont work Dated 03-02

A def update isn't available yet for 03-03


Thanks for pointing that out Chair...

IKON

[Chairboy]

Since the writeup says the the 3-3 definitions fix it, that must mean that the definitions have been posted but haven't propagated out to the live servers yet.  It takes up to an hour to replicate, if I recall correctly.  Sometimes there's a small delay when it copies out onto the Akamai system too.

Try again in an hour, good catch!

[Lizard3]

Don't some viruses block you from updating your virusware after it infects?

[Chairboy]

Originally posted by Lizard3
Don't some viruses block you from updating your virusware after it infects?

Fewer then you would imagine, but yes,  Beagle.k is not one of them.

[Wlfgng]

attachment stripper saved us yesterday...
some people would have opened the virus-attachments otherwise.

[Chairboy]

Why do people still open these attachments?!  

Perhaps there SHOULD be licenses needed to use computers, because I keep seeing people that should have theirs taken away.   Really, there is no excuse for these infections that rely on the user opening an attachment.  We're not talking Code Red or Nimda, we're talking about attachments that people still double click.

[Wlfgng]

Sad but True...

I am constantly amazed.. hey, I even had the surreal happen.
our email was down for a while and when I got it back up I had a message in my inbox... yep...
"hey Nick, we can't send or receive emails.. can you come help?"

sigh


Yep, there should be a required test before they get logon credentials.. but sadly... no

[Dowding]

It's because the messages have such innocuous, but enticing names such as "Cum see Pammy's big knockers". That's very hard to resist, you must understand.

[beet1e]

Just now, I was sent the NetSky.D@mm virus. It's documented here: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html

It's a very recent virus - this version within the last two days. Norton detected it right away.

[Mini D]

Actually.. this one has emails such as:

from: Tech Support
Subj: E-mail password change notification

from: management@yourcompany.com (my favorite)
Subj: Important notice reguarding system security

from: systemadmin
Subj: mail undeliverable

It password protects the Zip file then gives the true adventurer the password for the zip file in the message body.  They squashed it pretty quickly yesterday, but a few people were hit by it... at least according to my in-box.  It's one of the first e-mail virus bugs that has found it's way to my in-box in over a year.

MiniD

[Mighty1]

The problem we have here is that we have educated people who are curious about the effects of a virus so even though they know the e-mail has a virus they open it up anyway just to see what it does.

We now strip all "scr pif zip com exe" from all e-mail.

Teachers can be the dumbest people around. (Excluding Kieren of course) wink wink!