Another Virus

[~Lazarus~]

Please be advised of a new mass mailer worm that has been reported to exist in the wild The name of this worm is W32.Vote.A@mm. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products.
Delete any email you receive with the subject Fwdeace BeTweeN AmeriCa and IsLaM!
Do not open any emails with the attachment WTC.exe
When executed, the worm will attempt to email itself to all contacts in the Microsoft Outlook address book. The email will appear as follows.

Subject: Fwdeace BeTweeN AmeriCa and IsLaM!

Message:
Hi
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!

Attachment: WTC.EXE

What to expect if you open the message and click on the WTC.EXE
The worm will insert two .vbs files on the system:
\<Windows folder>\ZaCker.vbs
\<Windows\System folder>\MixDaLaL.vbs
The worm will attempt to delete all files from several folders.
The worm will attempt to download and execute a file.
As the file is executed, it will look through all folders on all fixed drives and network drives for files with the extensions .htm or .html. If such a files are found, they are overwritten with the message:

AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn >>> ZaCkEr is So Sorry For You

When executed at the next restart, this file will attempt to delete all files in the \Windows folder.
Next, the worm will create or overwrite the file C:\Autoexec.bat. Inside the file there will be a command that formats the C drive. The Autoexec.bat file is executed on Windows 95/98/Me and DOS systems when you start the computer.

 

[old.MrCurverUk]

good job i delete all attachments i get in the mail else i would be flooded with virii by now

 

[Wij]

Never had one. I'm not popular enough

(Note: don't send me one plz )

 

[old.MrCurverUk]

/me floods Wij with virii

 

[Summo]

Eww!

 

[Wij]

virii. not tadpoles.

 

[old.Davehart]

have to say thumbs up BarrysWorld for notifying people of possible virus that have been sent to your mailbox. Got about 6 of those warnings last week, saves deleting them

 

[whipped]

not suprised

I was waiting for some to use the WTC events in some social engineering context. Viruses are cool. They keep me in a job

 

[Moving Target]

ivd never had a virus or a virus email

 

[Sir Frizz]

Originally posted by Moving Target
ivd never had a virus or a virus email

me neither

 

[raw]

Not had a virus in quite sometime now i use Norton Antivirus, anything that comes through via email though, if i dont recognise the address i check out where it came from before i open it, if it looks dodgy in the bin it goes.

Norton also scans any emails so thats like x2 protection

Thanks for the warning though.

 

[Summo]

Norton sucks cock and you know it. Use McAfee, ffs.

Heh.

 

[Wij]

McAfee are the tight-arsest money-grabbingest wouldn't-save-their-granny-from-torture-without-a-fifty-grand-contractest company on the face of the planet. The sooner I can send them a virus which wipes out all their shitty software forever, the better !!!!

 

[Will]

Bad experience, Wij?

 

[Wij]

Erm, perhaps

 

[Summo]

On the contrary. We've sorted out a deal with them which means we can use their entire Total Defence Suite (desktop, email and gateway protection for all OS's) for a dirt-cheap price. Includes all County schools AND the home PCs of staff. An absolute bargain.

Plus they also make the best anti-virus software.

 

[whipped]

Use a spectrum = No viruses!!

Simple

 

[Wij]

My experience was rather different. Plus the checker falls over 5 minutes after I log on every day

 

[Summo]

Originally posted by whipped
Use a spectrum = No viruses!!

And no software.

Wij - are you using VirusScan v4.51 or some earlier version? Or is some home-user variant?

 

[Wij]

4.5.0 on NT4

 

[Summo]

Yeah... I skipped over 4.50 and went back to 4.03 instead. Seemed to hog memory like a bastid and interfered with a couple of custom apps.

Try running 4.51. Have been using that on all Windows OS's (except 3.1 ) for ages. No problems at all.

 

[Testin da Cable]

tvd blows =p

 

[PR.]

Originally posted by testin_da_cable
tvd blows =p

Couldn't agree with you more. We spent several thousand quid for that 4.5 its absolute shite, Win2k will often come to a hault and when checking Task Manager you find some program that you 'closed' two hours ago that McAfee is using 100% CPU time to scan it.

And Groupshield almost turned our Exchange server into a glorified toaster after offering to uninstall the previous version but instead just copied itself over and hosed Exchange, so now we have 2 groupshield control panels in the Admin control that paired with the fact that you can't scehdule GroupShield to update weekly when you d/l the dat file without having to walk up to the server and force it


Bunch 'a' crap

 

[Summo]

Hmm. Different experiences, obviously. We've got 37 Exchange servers all running GroupShield with not one problem. You can schedule automatic updates from the Internet or local/remote server.

 

[PR.]

Well? how'd you do it?

 

[Testin da Cable]

sure we have had different results too, just on the 'overall' we had to smack tvd about pretty harshly before it behaved. it does perform ok now, but we make pretty sure we've got roll-back engines and stuff in place before we do anything remotely like an upgrade or so.
also we get new engines and dat files delivered to us by mac, so we can play wiv em before setting em up on the servers. caught several 'issues' that way heh. still, it's not the way I prefer to work

 

[]SK[]

Originally posted by SomeGuy
Norton sucks cock and you know it. Use McAfee, ffs.

Heh.

Nah Norton rocks. My Older version shows a splash screen of Peter Norton every time u boot the computer. The best bit about symantec is that they make those virus removal tools which save me s*it loads of time at work.

 

[Summo]

Okay, but you don't need separate tools with McAfee - it's all built in. Plus Ole Pete Norton looks like a cunt, and insists on demonstrating it on every f'king Symantec box. And 9 times out of 10 they release updates for high risk viruses several hours after McAfee. One time it was posted two days later, but I can't remember which virus that was.

Still, I'm not defending McAfee. I like their products but each to their own.

 

[]SK[]

Alot of companies I see use Norton AV, think Ive seen one with McAfee.

 

[MYstIC G]

Originally posted by Wij
Never had one. I'm not popular enough

Shame thats not true in terms of STD's aint it Wij