This page will include any virus information that I acquire and feel warrants passing on. Please check this page occasionally, as I will be trying to add more to it as time goes by.
"McAfee Anti-Virus"
or it is at: http://www.mcafee.com
"Norton Anti-Virus Programs/hoaxes"
or it is at: http://www.symantec.com/avcenter/hoax.html
"Symantec Active and Real Virus info"
or it is at: http://securityresponse.symantec.com/
"CIAC"
or the page is at: http://hoaxbusters.ciac.org/
Another reliable one is: "MYTHS"
or it is at: http://www.kumite.com/myths/
Another very good and well known one: "DATAFELLOWS"
or it is at: http://www.datafellows.com/news/hoax/
"SOPHOS VIRUS INFO"
or it's at: http://www.sophos.com/virusinfo/
"TRUTH OR FICTION"
or it's at: http://www.truthorfiction.com/
"SNOPES - URBAN LEGENDS"
or it's at: http://www.snopes2.com/
And last but certainly not least, you should have a firewall on your computer as well. It provides a different service than a virus protection program. You really should read this page, then do some research on the net for a good firewall. This is an excellent page full of information on just about anything you want to know about viruses, hacking, etc. Great for beginners to experts.
"HACKERS INFORMATION - ANTIONLINE FIGHT BACK SITE" or
it's at: http://antionline.com/fight-back/
*******************************************************
includes info on:
A Hacker's Tool - BKDR_INTRUZZO.A
A Variant of PE_CIH - PE_CIH.1049
Snoopy Debuts in a Proof-of-Concept Virus - VBS_BIMORPH.A
Macromedia Flash browser plug-in security hole
New Outlook Express security hole
********************************************************
*NEW* May 14th, 2002
A Hacker's Tool - BKDR_INTRUZZO.A
This backdoor hacking tool is comprised of a server component and a client component. The server component installs itself on the target computer, which enables the hacker, using the client component, to gain access to the target computer.
Upon execution, the server component copies itself into the Windows System directory. The filename it copies itself to varies. It also adds itself to the registry so that its dropped file executes upon Windows startup. The server component runs this backdoor hacking tool in silent mode. Upon first execution it displays a message box and a walking man. The server component also sends an email message containing information about the open port number and Internet Protocol (IP) address of the infected system to the hacker.
Hackers use the client component to gain full access to the system running the server component. The client component enables hackers to execute any or all of the following on a system running the server component:
- Open/Close CD-ROM tray
- Chat with the infected user
- PWL Reader: open and read PWL files on server
- Shutdown the computer
- Control the mouse
- Taskman
- Print a message
- Take a screen capture
- Obtain System info
- Write on the desktop
If you would like to scan your computer for BKDR_INTRUZZO.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.antivirus.com/
BKDR_INTRUZZO.A is detected and cleaned by Trend Micro pattern file #270 and above.
For additional information about WORM_KLEZ.H, please visit Trend Micro at:
"WORM_KLEZ.H"
or
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=BKDR_INTRUZZO.A
For additional information about WORM_KLEZ.G, please visit Trend Micro at:
"WORM_KLEZ.G"
or
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.G
*********************************************************
*NEW* A Hacker's Tool - BKDR_INTRUZZO.A
May 10th, 2002
This backdoor hacking tool is comprised of a server component and a client component. The server component installs itself on the target computer, which enables the hacker, using the client component, to gain access to the target computer.
Upon execution, the server component copies itself into the Windows System directory. The filename it copies itself to varies. It also adds itself to the registry so that its dropped file executes upon Windows startup. The server component runs this backdoor hacking tool in silent mode. Upon first execution it displays a message box and a walking man. The server component also sends an email message containing information about the open port number and Internet Protocol (IP) address of the infected system to the hacker.
Hackers use the client component to gain full access to the system running the server component. The client component enables hackers to execute any or all of the following on a system running the server component:
- Open/Close CD-ROM tray
- Chat with the infected user
- PWL Reader: open and read PWL files on server
- Shutdown the computer
- Control the mouse
- Taskman
- Print a message
- Take a screen capture
- Obtain System info
- Write on the desktop
If you would like to scan your computer for BKDR_INTRUZZO.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at:
"housecall antivirus.com"
or
http://housecall.antivirus.com
BKDR_INTRUZZO.A is detected and cleaned by Trend Micro pattern file #270 and above.
For additional information about WORM_KLEZ.H, please visit Trend Micro at:
"Worm_KLEZ.H"
or
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=BKDR_INTRUZZO.A
********************************************************
*NEW* May 10th, 2002
A Variant of PE_CIH - PE_CIH.1049
Trend Micro has received infection reports of executable files for WORM_KLEZ.H being infected with PE_CIH.1049. PE_CIH.1049 is a destructive, memory-resident virus that infects all *.EXE files that are executed. It uses VXD programming to become memory resident and therefore, does not infect on Windows NT systems (the VXD technique is only available on Windows 9x systems).
Similar to other CIH variants, this is a cavity-type virus. To infect, it inserts its code into the free spaces in the target file; therefore, the file size of an infected file does not change.
When the system date is August 2 of any year, this virus writes garbage data to destroy the FLASH BIOS and to corrupt the hard disk of the infected system.
PE_CIH.1049 is detected and cleaned by Trend Micro pattern file #270 and above.
For additional information about PE_CIH.1049, please visit Trend Micro at:
"PE_CIH.1049"
or
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_CIH.1049
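Because a cavity-type infection leaves the file size unchanged, comparing sizes cannot reveal it. The Python code below is an added example (not from the original page or from Trend Micro): it reads a PE file's section table and counts non-zero bytes in the padding between each section's VirtualSize and SizeOfRawData, which linkers normally leave zeroed. The sample image, the function names and the min_used threshold are constructed assumptions, and the check is a heuristic, not a signature for PE_CIH.1049.

```python
import struct

def section_slack(data):
    """Yield (section name, padding bytes) for each section of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                        # first section header
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        if 0 < vsize < raw_size:                          # file-alignment padding exists
            slack = data[raw_ptr + vsize:raw_ptr + raw_size]
            yield name.rstrip(b"\0").decode("ascii", "replace"), slack

def suspicious_cavities(data, min_used=16):
    """Map section name -> count of non-zero padding bytes, if >= min_used."""
    hits = {}
    for name, slack in section_slack(data):
        used = len(slack) - slack.count(0)
        if used >= min_used:                              # assumed threshold
            hits[name] = used
    return hits

def make_sample(cavity_fill=b""):
    """Constructed one-section PE-like image for the demo (not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x20, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + coff + sect).ljust(0x200, b"\0")
    body = (b"\x90" * 0x20 + cavity_fill).ljust(0x200, b"\0")
    return header + body

if __name__ == "__main__":
    clean = make_sample()
    altered = make_sample(b"\xCC" * 300)   # constructed filler standing in for inserted code
    print(len(clean) == len(altered))      # a size check sees no difference
    print(suspicious_cavities(clean), suspicious_cavities(altered))
```

Some legitimate tools can also leave data in this padding, so treat a hit as a reason to rescan the file or compare it with a known-good copy.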
******************************************************
*NEW* May 14th, 2002
Snoopy Debuts in a Proof-of-Concept Virus - VBS_BIMORPH.A
This two-in-one polymorphic Visual Basic Script (VBS) malware is a proof-of-concept virus that combines two different viruses to co-exist, and spread as a single malware. It uses Microsoft Outlook to send copies of itself via email with the subject line "Check this out" and two infected VBS attachments, "Snoopy shagging Woodstock" and "Snoopy smoking weed."
This virus also contains a text file attachment, PASS.ON, labeled as "potential password source." The text file is from an infected user's drive and may actually contain the passwords of the infected user.
This destructive virus parses all drives and directories of the infected system's fixed and removable drives. It overwrites itself to all files with a .TXT extension containing the text string "password", to a "C:\PASS.ON" file.
If you would like to scan your computer for VBS_BIMORPH.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.antivirus.com/
VBS_BIMORPH.A is detected and cleaned by Trend Micro pattern file #272 and above.
For additional information about VBS_BIMORPH.A, please visit Trend Micro at:
"VBS_BIMORPH.A"
or
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_BIMORPH.A
*****************************************************
*NEW* May 09th, 2002
Users of Macromedia Flash browser plug-in are encouraged to download the latest release.
On May 3, 2002, eEye Digital Security, the firm that discovered the Code Red worm last summer, reported that Macromedia Flash 6.0, revision 23 (and possibly earlier versions), contains an ActiveX flaw that could allow malicious users to execute code. Because of the nature of the flaw, all users of Microsoft Internet Explorer are potentially affected. eEye and Macromedia recommend that users upgrade to the latest version of Flash, which is 6.0, revision 29.
How it works
What researchers at eEye and Macromedia independently discovered
is a buffer overflow condition that exists in an OLE custom
control (OCX). In this case, under normal conditions, the
Flash.ocx control allows Flash media files to run under other
Microsoft programs, such as Internet Explorer. However, a
malicious user could design an exploit disguised as a Flash.ocx
control in order to plant and execute rogue code on a vulnerable
computer. So far, no known exploits of Flash.ocx exist.
Prevention
eEye and Macromedia recommend that all users upgrade to the
latest version of Flash 6.0, revision 29, now available from
Macromedia.
"shockwave download"
or
http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash
This may take a few minutes to download; be patient.
****************************************************
*NEW* May 10th, 2002
OUTLOOK NOTICE!!!
Malicious scripts embedded in HTML or rich-text e-mail may execute in Outlook 2000 and 2002.
On April 26, Microsoft released a new security bulletin, MS02-021, for anyone running Microsoft Word as the default e-mail editor for Microsoft Outlook 2000 and 2002. (The Word option is enabled or disabled by clicking Tools > Options > Mail Format.) Users editing or creating e-mail in rich text or HTML formats with the Word option could be vulnerable to harmful scripts sent from malicious users.
How it works
Users who only read their e-mail via Word are not vulnerable;
HTML e-mail in Outlook uses Internet Explorer's security
settings and will not run malicious scripts sent via e-mail.
However, users who reply or forward e-mail using Word are at
risk because Word does not have script-blocking capabilities.
Prevention
A patch is available from Microsoft. Outlook 2002 users who have
enabled the "Read HTML e-mail as plain text" feature in Office
XP SP1 will not need to apply this patch.
***************************************************
*NEW* W32.Klez.h@mm - May 14th, 2002
W32.Klez.H@mm
The Klez worm just keeps on giving. The persistent pest, which made a strong comeback last month in the form of the Klez.h variant, is now helping revive the Chernobyl virus, according to a new report from antivirus company Symantec.
The report says that a virus known as W95.CIH.1049, a slight variation of the W95.CIH bug dubbed the Chernobyl virus when it began spreading four years ago, has been detected in recent infections of the Klez worm. The main difference with the new virus is that it's set to activate on Aug. 2 of every year, as opposed to the April 26 attack date of the original Chernobyl.
Vincent Weafer, senior director of Symantec's Security Response team, said the company began seeing Chernobyl-infected messages last week, but they continue to account for only a handful of the thousands of Klez-infested messages the company sees daily. Weafer said the viral bonus wasn't intentional but rather a by-product of Chernobyl-infected PCs also propagating the Klez worm.
"As far as (Chernobyl) is concerned, the Klez worm is just another file to infect," Weafer said. "It's quite common to see piggybacking effects when you have worms that have been propagating for a long time in the world."
Even though Chernobyl is ancient by virus standards and easily detected by almost any antivirus software, Weafer said it's not unusual to have bugs still making the rounds years after their debut.
"When you look back at viruses, you see recurrences," Weafer said. "They can live for many years out in the wild."
The first version of the Klez worm surfaced early last year, with subsequent variations causing damage ranging from moderate to minor. Bug writers hit pay dirt with the Klez.h variant, however, which quickly became one of the most active worms ever after it surfaced last month.
Moscow-based security company Kaspersky Labs recently ranked Klez as by far the most active e-mail threat in April, responsible for 94.5 percent of all incidents reported during the month.
British e-mail screening firm MessageLabs ranks Klez.h as No. 3 on its list of all-time most active computer pests, with more than 391,000 infections intercepted. At current rates of infection, Klez.h should surpass the No. 2 bug, BadTrans.b, in a few days. It'll have a long way to go, however, to catch the all-time champ, the SirCam worm, still going strong with more than 748,000 interceptions to date.
If you can't find what you want, the virus info you are looking for may be in my "Virus Archives Page 11".

