Neuer (alter) Virus

[Andy]

zusammengefasst:

keine mails/attachments mit dem Betreff/Dateinamen: thankyou ,your details, oder so aehnlich aufmachen.
Dateiendung ist meist ".pif" oder ".scr." .

Hab grad folgende Virenwarnung aus der Firma bekommen (bin aber zu faul, das alles zu uebersetzen)


FYI, delete all the email you get with a thankyou.pif
or similar as Subject or Detail. Somehow this virus
has gone to alot of aliases.

Regards,
Daniel...

-----------------------------------------------------------------------------


Old Virus Has a New Trick: Mailing Itself in Quantity

August 20, 2003
By JOHN SCHWARTZ

If the e-mail message offers "details," "That movie" or
"Wicked screensaver," don't open the attachment. (And why
are you still opening unsolicited attachments, anyway?
Don't you ever learn?)

One of the most common rogue computer programs on the
Internet made a virulent reappearance yesterday. The virus,
known by security companies as SoBig.F, spread rapidly by
e-mail messages across computer networks.

MessageLabs, an e-mail security company that described the
virus in an alert yesterday, said it was "spreading very
vigorously." Other virus experts were more blunt.

"It's shooting off like a rocket," said Ken Dunham,
malicious code intelligence manager for iDefense Inc. in
Reston, Va. The flood of e-mail does not necessarily mean
that especially large numbers of machines are infected, he
said. This bug is simply more efficient than previous
programs at sending itself around. The mail program that
the virus uses is "multithreaded," which allows it to send
out many copies at once.

But the creator of the program appears to have gone a step
further, Mr. Dunham said, using computers that were taken
over by previous versions of the SoBig virus to mass-mail
copies of the program, as spammers do.

Like many other mass-mailing viruses, SoBig comes with its
own mail program that trolls through the victim's address
book, stored Web pages and other files, picking up e-mail
addresses. It then sends itself to every address it finds,
and often disguises the sender's true identity by
substituting an address from the victim's machine. Once the
program has infected a machine, it will download a Trojan
horse program that could allow an attacker to take over the
target PC.

The new SoBig comes during a busy time in the malicious
software world. Computer users have had to deal with
onslaughts from several new programs lately, including the
Blaster worm and another called Nachi or Welchia, which has
been marauding through corporate computer networks. Like
most rogue programs, this latest virus affects computers
running versions of Microsoft operating systems.

With SoBig, many computer users whose machines become
infected often bring the problem upon themselves by trying
to open the attachment that comes with the e-mail message.
It might be called "your details," "thankyou" or other
names, but almost always ends in the file extension ".pif"
or ".scr."

Infection can be prevented by deleting suspect e-mail
messages without clicking on the attachments, virus experts
said yesterday, but "once somebody lets that one part in,
it will quite happily propagate itself" throughout a
network, said Vincent Weafer, senior director of Symantec
Security Response. The program is blocked by recent
versions of most antivirus programs.

Like other variants of SoBig, the program was written to
stop spreading on a certain date, in this case Sept. 10.
Computer virus experts suggest that the program's creator
is releasing each version for a limited time in a process
of testing, tinkering and improvement.

http://www.nytimes.com/2003/08/20/techn ... c71825ac36

[Rolf]

Das ist ja immer so. Aber ich sag: Grundsätzlich keine Attachments öffenen, die ausführbaren Code enthalten können, also *.exe, pif und was weiß ich nicht noch alles. Andersherum kann man getrost ein *.jpg öffenen, aber niemals ein *.jpg.pif, denn das ist wiederum ein pif und kein jpg.

Ach, ich gebs auf...

Rolf

[Rolf]

Ähm, ich hab einen Virus in den Fingern. "Öffnen" kann ich noch schreiben, aber nur mit sehr viel Beherrschung

Rolf