Caution - New Email Virus

Lemming

Looking for single women!
Joined
Jan 19, 2000
Messages
579
Likes
0
#1
I just got this message concerning a new email virus from our computer people at work. Once again, please practice safe computing.

This is the information about the new Vote virus.
This virus arrives with an email message containing the following
information:
Subject: Fwd:Peace BeTweeN AmeriCa And IsLaM !
Body:
Hi
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!
Attachment: WTC.EXE


When this attachment is run, two VBScript files are dropped,
MixDaLaL.vbs and ZaCker.vbs. MixDaLaL.vbs is saved to the WINDOWS
directory and called immediately. It contains instructions to overwrite
all .HTM and .HTML files on all fixed and network drives with the text:
AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn >>>
ZaCkEr is So Sorry For You .
The hidden file attribute is also set on these files.
ZaCker.vbs is created in the WINDOWS SYSTEM directory and a registry key
is created to run this file at startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run\Norton.Thar=C:\WINDOWS\SYSTEM\ZaCker.vbs
ZaCker.vbs contains instructions to delete all files in the WINDOWS
directory, add a FORMAT C: command to the AUTOEXEC.BAT file, display a
message box containing the text "I promiss We WiLL Rule The World
Again...By The Way,You Are Captured By ZaCker !!!", and exit Windows
The main executable also attempts to delete anti-virus software from
specific directories and to download a trojan from a YAHOO users site,
which is detected as PWS-CT
 

JuliusPleaser

Too much of a good thing.
Joined
Nov 22, 2000
Messages
4,392
Likes
0
#2
Originally posted by Lemming
Once again, please practice safe computing.
LOL! I need to run to the drugstore...

Thanks for the heads-up!
 

biglou

#3
Always, always, ALWAYS be very sure of the source and content of an "EXE" file. We are not allowed to send or receive executable files here at work anymore because someone opened a virus. Kinda sucks, hampers business sometimes, but that's how it is now.
 
Joined
Dec 10, 2000
Messages
1,490
Likes
1
#5
Originally posted by FritoBandito
There should be a way to shut off attachments all-together in email programs.
Any decent firewall can be configured to screen and quarantine any incoming or outgoing file type you wish. I use Zone Alarm, it warns me when I recieve several different types of files through email, .EXE files included.
 
Joined
Jan 10, 2001
Messages
314
Likes
0
#6
i emailed my resume to works conection asking for sponsorship...they wrote me back and said to click the attachment. i did so and it turned out to be a virus. luckily my virus checker caught it but geeze, what jerks
 
Joined
Dec 4, 1999
Messages
174
Likes
0
#8
Opinions please

I just received this today, not sure of anything on the internet anymore, was wondering what all you practicers of safe computing think. :)

HOW TO PREVENT YOUR PC FROM SENDING A VIRUS

Who among us doesn't know someone who has experienced the embarrassment
of unknowingly spreading a computer virus via their email address book?
You can stop this by taking control of your email program. For those who
are unaware, many computer viruses spread themselves by sending
themselves to everyone in your address book. Imagine how you would feel if
you were
unknowingly infected with a computer virus, and worse yet, your
friends, family, and business contacts were being targeted by your computer!
Well, if you want to avoid this sort of thing, here's a great tip:
This tip won't prevent YOU from getting any viruses
(you have to scan those attachments yourself before
opening them to do that), but it will stop those viruses
from latching onto your address book and sending itself out to others.
To avoid spreading computer viruses, create a contact
in your email address book with the name: !0000 with no email address in the
details.
This contact will then show up as your first contact in your address book.
If a virus attempts to do a "send all" on your contact list, your pc
will put up an error message saying that: "The Message could not be sent.
One or more recipients do not have an e-mail address. Please check your
Address
Book and make sure all the recipients have a valid e-mail address."
You click on OK and the offending (virus) message will not be sent to
anyone. Of course no changes have been made to your original contacts list.
The offending (virus) message may then be automatically stored in your
"Drafts" or "Outbox" folder. Go in there and delete the offending message.
Problem is solved and virus is not spread. Of course then you should handle
to eliminate the virus from your computer.
Try this and pass on to your email contacts. The more people that use this
technique, the less vulnerable we will be to viruses that spread in this
manner
So,,, is this Bravo Sierra???
 
Joined
Apr 9, 2001
Messages
59
Likes
0
#9
I'm wondering if it's BS too. Still, I already did it in case it works, although I NEVER open any .exe file no matter what.
 
Joined
Dec 4, 1999
Messages
174
Likes
0
#11
NEW VIRUS WARNING---

----
> > New 'War Vote' Virus Deletes Computer Files
> >
> > SAN FRANCISCO (Sept. 24) - Security experts on Monday warned
> > of a brand new
> > virus masquerading as a program that will allow people to vote
> > whether the
> > United States should go to war over the deadly Sept. 11 hijacker
> > attacks, but
> > which deletes computer files instead.
> >
> > The "Vote Virus" is spreading via e-mail to users of Microsoft
> > Corp.'s
> > Outlook e-mail program, said Simon Perry, vice president of
> > security
> > solutions at Computer Associates International Inc.
> >
> > The virus appears with the subject line: "Peace between
> > America and Islam!"
> > and the body of the e-mail reads: "Hi. Is it a war against
> > America or Islam!?
> > Let's vote to live in peace!" Perry said.
> >
> > When the attachment entitled "WTC.exe" is opened, the virus
> > deletes all the
> > files on the computer's hard drive and sends copies of the
> > e-mail to every
> > address listed in the computer's address book, he said.
> >
> > The virus also defaces any Web pages that are hosted by an
> > infected
> > computer to read: "America ... few days will show you what we
> > can do!!! It's
> > our turn >>> Zaker is so sorry for you."
> >
> > The virus is believed to be the work of an opportunist and not
> > associated
> > with the Sept. 11 jetliner attacks on the World Trade Center and
> > Pentagon in
> > which more than 6,000 people are believed to be dead or missing.
> >
> > "There is no evidence that this is related to the people who
> > carried out"
> > the attacks, Perry said.
> >
> > "We feel this is likely to get quite a high pickup in that a
> > lot of people
> > are going to click on this," he said. "If the news about this
> > doesn't get out
> > before people get their e-mails, they're at risk."
> >
> > SICK SENSE OF HUMOR
> >
> > Perry said he expects there will be more socially engineered
> > viruses
> > created in the future that will take advantage of people's
> > interest in the
> > attacks and the subsequent political and military repercussions.
> >
> > "What this is is a sick sense of humor," Perry said. "Chances
> > are this is
> > not any kind of cyber-terrorism. It's just cyber terror."
> >
> > As many as 10 large corporate customers of Computer Associates
> > have been
> > infected since the virus first appeared Monday morning, Perry
> > said.
> > Researchers do not know where it originated from but it has not
> > yet hit
> > Europe and Asia, he said.
> >
> > Computer Associates is working on software that will enable
> > its Innoculate
> > anti-virus software to detect the new virus and prevent it from
> > infecting a
> > computer, Perry said.