Virus Warnings

Viruses are an unfortunate part of our industry. On this page we'll provide details of any virus warnings.

Sasser Worm [05/05/04]
Symantec Virus Alert - W32.Netsky.D@mm [04/03/04]
Virus Advisory: W32/Bugbear.b@MM [6/6/03]
Virus Advisory: W32/Fizzer@MM [13/5/03]
Virus Advisory: W32/Nicehello@MM Targets MSN Messenger [14/3/03]
Virus Advisory: W32/Sober.c@MM [24/12/03]
What You Should Know About the Mydoom Worm [28/01/04]

Sasser Worm

Contributed By: Cliff Hobbs [MVP SMS]
Here is the latest information from Microsoft on the Sasser Worm and how to remove it… [Go to article]

Symantec Virus Alert - W32.Netsky.D@mm

Reproduced from the Symantec Virus Alert Service
Symantec has upgraded the W32.Netsky.D@mm to a Level 4 threat [On a scale of 1-5, 5 being highest].

W32.Netsky.D@mm, a variant of the recent W32.Netsky.C, a mass-mailing worm that uses its own SMTP engine to send itself to e-mail addresses it finds when scanning a hard drive. This may clog mail servers or degrade network performance. The worm attempts to remove registry keys for various worms such as W32.Mydoom.A@mm, W32.Mydoom.B@mm and W32.Mimail.T@mm, attempting to deactivate these threats.

More details available from:

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Virus Advisory: W32/Bugbear.b@MM

Reproduced from the McAfee Dispatch
A new variant of the Bugbear virus, W32/Bugbear.b@MM is a HIGH RISK mass-mailing worm that contains numerous malicious elements, including a keylogger, network share propagator, remote access trojan, polymorphic parasitic file infector and terminator of security software.

Creating privacy and security concerns for consumers, these elements may allow a remote attacker to access an infected PC and log all keystrokes, including passwords and personal information. It also mass-mails itself without the user's knowledge, spreads across network shares and embeds itself deep into the infected PC.

More details available from:

http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=5760

Virus Advisory: W32/Fizzer@MM

Reproduced from the McAfee Dispatch
W32/Fizzer@MM is a Medium-On-Watch mass-mailing worm, which spreads by emailing itself to addresses in your Windows Address Book and others on your PC. It tries to terminate your AV software, contains a keylogger and attempts to spread using other programs, including IRC, AIM and Kazaa.

It arrives as an executable email attachment, requiring users to double-click on the file to become infected.

Caution: An infected email can come from addresses you recognize and may contain the following information:

Subject: [content varies]
Body: [content varies]
Attachment: [ standard executable extensions: .exe, .pif, .scr ]

More details available from:

http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=5531

Scan for W32/Fizzer@MM:

http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=5127

Virus Advisory: W32/Nicehello@MM Targets MSN Messenger

Reproduced from the McAfee Dispatch
Users with Hotmail addresses in MSN Messenger are vulnerable to W32/Nicehello@MM, a MEDIUM RISK mass-mailing worm that emails itself to MSN Messenger contact lists. Worse, it also attempts to send MSN Messenger usernames and passwords to the virus author via an email message. So far, the virus has a limited spread, but has been seen in several languages, including English and Spanish. More details available from:

http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=5126

Virus Advisory: W32/Sober.c@MM

Reproduced from the McAfee Dispatch
W32/Sober.c@MM is a MEDIUM RISK mass-mailing worm. The worm arrives as an email with varying subject lines and message bodies (in English and German). When run, the worm displays a series of fake error messages. It then infects the host computer and emails itself to email addresses collected from the victim's machine...

More details are available from:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100912

A free scanner is available from:

http://us.mcafee.com/root/mfs/default.asp

What You Should Know About the Mydoom Worm

The following is an extract from an article Microsoft have published relating to the Mydoom worm. The full article can be accessed at:

http://www.microsoft.com/security/antivirus/mydoom.asp

"Why We Are Issuing This Alert
W32/Mydoom@MM spreads through e-mail. This worm can disguise the sender's address, a tactic known as spoofing, and may generate e-mail messages that appear to have been sent by Microsoft. Many of the addresses Mydoom uses are valid addresses that are being spoofed for malicious purposes.

Technical information about the virus is available from antivirus vendors participating in the Microsoft Virus Information Alliance (VIA). The Mydoom worm is also known by the names Novarg, Shimg, and Mimail.R.

If you ever receive a questionable e-mail message that contains an attachment, do not open the attachment. If you cannot confirm with the sender that the message is valid and that the attachment is safe, delete the message immediately. If you receive a questionable message that purports to be from Microsoft, you should be aware that Microsoft never distributes software through e-mail."

PLEASE NOTE: We NEVER send out unsolicited email. Neither do we pass on anyone's details to third parties such as email addresses without the owner's permission. Please err on the side of caution. If you get an email from any FAQShop address and you're unsure about it either delete it without opening it or email me at Cliff and I'll verify it's genuine.