Virus, Chain Letter, Petition, Scam & Hoax Information
Current Threats - Updated 4/28/2003
Here's some info on some of the viruses and hoaxes that are currently circulating, and links to sites that give you more information or help detecting and cleaning up. You can search for information and find out if what you've got is a real virus or a hoax at the Symantec security site and at the Urban Legends site. Please do check these kinds of things out to see if they are legit before sending them around; passing on hoaxes does no one any good, raises the background anxiety level, and clogs the e-waves. In case of real viruses, I do recommend getting good antivirus software and keeping it updated at least weekly.
Note from Will Linden: It is also a good idea to subscribe to the Internet Tourbus and Langalist for alerts on both the more obnoxious hoaxes and REAL threats.
Symantec (Norton) Antivirus and McAfee Antivirus
For more info on viruses - Symantec's virus research center
Search the virus database by key words in the message or virus/hoax name
Real Viruses and Current Threats
W95.Hybris.worm - hahaha@sexyfun.net ; Snow White and the Seven dwarves
W32.Vote.A@MM - "Peace BeTweeN AmeriCa and IsLaM! - WTC.EXE"
W32/Nimda@MM - "Readme.exe"
W32/SirCam@MM - "I send you this file to have your advice"
"Naked Wife"
Urban Legends, Chain Letters, Petitions, Scams & Hoaxes
General Reference Sites
U.S. Dept. of Energy-Computer Incident Advisory Center
The AFU and Urban Legends Archive
Klingerman Virus - free gift contains real virus
Yahoo! or anyone requests you to send your login and password
Email Tax / 5 Cent Charge Bill
Petition for the Women of Afghanistan
Family Pictures or New Pictures of Family virus
Nigerian Banking / General Abacha / Request for Urgent Assistance / Nigerian Oil / Nigerian Customs Officer / Nigerian Barrister / Confidential / Just the Two Of Us
Real Viruses
Learn more and get up-to-the-minute information at
Symantec (Norton Antivirus) or McAfee Antivirus
| CURRENT THREAT!
W32.Klez.E@mm, W32.Klez.H@mm, W32.Klez.gen@mm 4/28/2003 Undeliverable mail--"[xxx]" |
--- W32.Klez.gen@mm is a mass-mailing worm that will send itself to all email addresses in the Microsoft Outlook Address Book. The subject and attachment name of incoming emails are randomly chosen. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr. The worm may include a virus that will destroy all files on the 13th of March and September.
Because this worm does use a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers receive complaints that they have sent an infected message to someone else.
There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your email address is jsmith@anyplace.com, you could receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send email and the attempt failed. If this is the false message that is sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened.
If the message is opened in an unpatched version of Microsoft Outlook or Outlook Express, the attachment may be automatically executed. Information about this vulnerability and a patch are available at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
Removal Tool:
--- W32.Klez.E@mm is similar to W32.Klez.A@mm. It is a mass-mailing email worm that also attempts to copy itself to network shares. The worm uses random subject lines, message bodies, and attachment file names.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.
The worm copies itself to local, mapped, and network drives as:
More Info: Removal Tool:
--- W32.Klez.H@mm is a modified variant of the worm W32.Klez.E@mm. This variant is capable of spreading by email and network shares. It is also capable of infecting files.
Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment.
Releases confidential info: Worm randomly chooses a file from the machine to send along with the worm to recipients. So files with the extensions: ".mp8" or ".txt" or ".htm" or ".html" or ".wab" or ".asp" or ".doc" or ".rtf" or ".xls" or ".jpg" or ".cpp" or ".pas" or ".mpg" or ".mpeg" or ".bak" or ".mp3" or ".pdf" would be attached to e-mail messages along with the viral attachment.
More Detail: Removal Tool: |
|
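The Klez description above gives two traits a mail filter can check: an attachment ending in .bat, .exe, .pif or .scr, and a "bounce" that claims to come from the postmaster of the recipient's own domain. The following is an added example, not part of the original page; the function names, the attachment name and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr
from pathlib import PurePosixPath

# Attachment extensions the page lists for Klez.
RISKY_EXTENSIONS = {".bat", ".exe", ".pif", ".scr"}

# Constructed sample (not a captured message): a fake "postmaster bounce"
# using the page's example addresses, with a hypothetical attachment name.
SAMPLE_FAKE_BOUNCE = (
    b"From: postmaster@anyplace.com\r\n"
    b"To: jsmith@anyplace.com\r\n"
    b"Subject: Undeliverable mail\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Your message could not be delivered.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="notice.pif"\r\n'
    b"\r\n"
    b"placeholder bytes, not a real program\r\n"
    b"--b1--\r\n"
)


def risky_attachments(msg):
    """Return names of MIME parts whose final extension is on the risky list."""
    names = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and PurePosixPath(filename.strip().lower()).suffix in RISKY_EXTENSIONS:
            names.append(filename)
    return names


def klez_indicators(raw_message, recipient):
    """List the Klez traits from the description found in one raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    attachments = risky_attachments(msg)
    if attachments:
        findings.append("executable attachment: " + ", ".join(attachments))
    # The From: line is forged by the worm, so it is only compared, never trusted.
    _, sender = parseaddr(str(msg.get("From", "")))
    local, _, domain = sender.lower().partition("@")
    own_domain = recipient.lower().rpartition("@")[2]
    if attachments and local == "postmaster" and domain == own_domain:
        findings.append("bounce from own postmaster carrying an executable")
    return findings
```

Only the final extension is checked, so a name such as photo.jpg.SCR is still flagged; a plain-text bounce with no attachment produces no findings.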
W95.Hybris.worm hahaha@sexyfun.net 4/28/2003 |
W95.Hybris.worm is a dropper file that the W95.Hybris.gen worm copies to a hard disk when an infected email attachment is opened. It can also be detected in the original attachment that is received from an infected computer.
The email message or subject may include, but is not limited to: hahaha@sexyfun.net
The attachment may have one of several different names, including, but not limited to:
More Info: |
|
W32.Yaha@mm Valentin.scr 4/28/2003 |
W32.Yaha@mm sends itself to all email addresses that it finds in the Windows address book. It also sends email to all addresses that it finds within files in the Cache folders that have the file extension .ht*. It sets itself to run whenever any other executable files are run.
The email message will have an attachment named Valentin.scr. More Info: |
|
"WTC.EXE - Peace BeTweeN AmeriCa and IsLaM!" W32.Vote.A@MM 9/25/2001 |
W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products, damage .html files, delete files from the windows directory, and potentially reformat your C: drive.
Do NOT run this executable; just delete the email, then empty your email trash. Here's what it looks like:
Subject: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Message:
Here's a link for info and removal instructions at the Symantec site, and also at the McAfee site (click on W32.Vote.A@MM on the front page or search for Vote.A). Virus detection is available using either Norton Antivirus or McAfee Antivirus. DO NOT open attachments; just delete the email and then empty your email trash. If you have been infected with this virus, here's where to get help on recovering: |
|
"Readme.exe" W32/Nimda@MM 9/20/2001 |
W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.
When the worm arrives by email, it uses a MIME exploit that allows the virus to be executed just by reading or previewing the message. The email may have a Readme.exe file as an attachment, or the attachment may not be displayed. If you visit a compromised Web server, you will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. You can disable "File Download" in your Internet Explorer internet security zones to prevent this compromise. Read more about this virus here or here. Virus detection is available using either Norton Antivirus or McAfee Antivirus. |
| CURRENT THREAT!
"I send you this file in order to have your advice" 7/17/2001 W32/SirCam@MM |
SirCam is circulating amongst the dance community (and is at large in general). This is an email worm, and it is a bit hard to spot as it changes the name of the email and the attachments every time it is sent. Body of the message reads something like:
English Version: Between these two sentences, some of the following text may appear:
Spanish Version: Between these two sentences, some of the following text may appear:
Virus detection is available using either Norton Antivirus or McAfee Antivirus. DO NOT open attachments; just delete the email and then empty your email trash. If you have been infected with this virus, here's where to get help on recovering: Symantec (I find these instructions to be the easier to use of the two) or McAfee (click on W32/SirCam@MM info in the upper right red box or search for SirCam). |
| THREAT!
3/5/2001 Naked Wife |
W32.Naked@mm - message reads something like: My wife never look like that! ;-) read more at: Symantec |
Urban Legends, Chain Letters, Petitions, Scams & Hoaxes
These are hoaxes; they are not real viruses... Please do not propagate them, forward them, or worry over them. You can read more about these at the Symantec security site and at the Urban Legends site.
| Subject: Warning
"Klingerman Virus" |
This is not a real virus - it's a hoax. It is usually an email mailed in chain letter fashion, describing a package that comes in the mail containing a "real virus". There is no such virus.
Read more about this particular hoax at the Center For Disease Control's site. Here's part of the hoax message:
" Subject: Warning received from Police...please read and pass along
A t t e n t i o n : This is very scary and is not a joke. Please read - it definitely is a serious threat to our lives and health. This is an alert about a virus in the original sense of the word..... one that affects your body..... not your hard drive. There have been 23 confirmed cases of people attacked by the Klingerman Virus a virus that arrives in your real mailbox, not in your e-mail inbox. Those who have come in contact with the Klingerman Virus have been hospitalized with severe dysentery. So far seven of the twenty-three victims have died. |
| This is not a real virus - it's a hoax. It is usually an email mailed in chain letter fashion, describing some devastating, highly unlikely type of virus. You can usually spot a hoax because there's no file attachment, no reference to a third party who can validate the claim, and by the general 'tone' of the message.
Read more about this particular hoax. |
|
| Subject: No more free E-mail - 5 cent charge on email - Bill 602P | This is not a real bill - it's a hoax. It is usually mailed in chain letter fashion; the email reads:
"Guess the warnings were true. Federal Bill 602P 5-cents per E-mail sent. It figures! No more free E-mail! We knew this was coming!! Bill 602P will permit the Federal Government to charge a 5-cent charge on every delivered E-mail. Please read the following carefully if you intend to stay online and continue using E-mail." This hoax has been circulating for a couple of years in various forms but has absolutely no basis in fact... Read more about this particular hoax. |
| Petition for the Women of Afghanistan | Regarding this petition... here's the rest of the scoop... it's a dead end for the reasons listed below... please don't propagate it... (and thank you to the original author of this, sorry...I've lost the reference...)
Part of the original petition message:
IMPORTANT PETITION!!! If you decide not to forward this, please send it back to me. I know this is too true and so dreadful. Oprah actually had a show about this atrocity. This is an actual petition, and "signatures" will be lost if you drop the line. Please take 3 minutes out of your life to do your part.
This link will tell you more about this petition - the synopsis is below:
The information above is accurate and the cause worthy. Unfortunately, the well-meaning individual who created this message chose the wrong means by which to accomplish her goal. Here is Brandeis University's explanation for having canceled that person's email privileges and deleting all submitted copies of the petition unread:
Please read this message carefully, especially the next two sentences. Do not reply to this email. Do not forward this email to anyone else. Anyone who needs a copy, already has one. Do not make things worse. Do not "help" by forwarding this message to everyone who has corresponded with you on this subject.
Due to a flood of hundreds of thousands of messages in response to an unauthorized chain letter, all mail to sarabande@brandeis.edu is being deleted unread. It will never be a valid email address again. If you have a personal message for the previous owner of that address, you will need to find some means other than email to communicate.
sarabande@brandeis.edu was not an organization, but a person who was totally unprepared for the inevitable consequences of telling thousands of people to tell fifty of their friends to tell fifty of their friends to send her email.
It is our sincere hope that the hundreds of thousands of people who continue to attempt to reply will find a more productive outlet for their concerns. There are several excellent organizations and individuals doing real work on the issues raised. Some of them were mentioned in sarabande's letter. None of them authorized her actions.
We suggest that you contact them through non-virtual channels to help. They all have web sites with information and contact points. Unlike sarabande, they can channel your energy in useful directions. Do not let this incident discourage you.
Please do not forward unverified chain letters, no matter how compelling they might seem. Propagating chain letters is specifically prohibited by the terms of service of most Internet service providers; you could lose your account.
For more information, see: U.S. Policy on the Treatment of Women in Afghanistan |
| Yahoo! or anyone requests your account login and password | Contributed by Angelique, moderator of several of the belly dance groups on Yahoo
If you get the following email message or anything SIMILAR to it, forward the message and headers to abuse@yahoo.com
Do not reply to this email. Do not send your account logins and passwords to anyone. Do not forward this email to anyone else.
Dear Yahoo Member, We here at Yahoo are updating out servers, We are currently running dangerously low on webspace and in order to reactivate your account you need to reply to this e-mail with your login name and password. Any accounts that do not reply to this e-mail within 48 hours will be terminated. During the next few days you might experience some problems logging in to your account but this is just because of the technical problem we are experiencing. We are sorry for any inconvenience this causes. Please reply to the email address below. And jus to insure you, all information, such as your user name and password will remain strictly confidential. JOHN WAYNES
The return address says "staff@yahoo.com" and there is a link to yhoo_server_bot@yahoo.com right after the name.
THIS IS A HOAX. Note the 48-hour response window (Yahoo! gives 2 weeks normally), spelling errors, and most importantly the REQUEST FOR YOUR PASSWORD. Yahoo! will NEVER ask for your password under any circumstances! |
| Nigerian Banking / General Abacha / Request for Urgent Assistance / Nigerian Oil / Nigerian Customs Officer / Nigerian Barrister / Confidential / Just the Two Of Us |
This is more than a hoax, it's the opening gambit in a for-real scam known as the Spanish Prisoner (or sometimes the Pigeon Drop) - in which they promise (someone) will give you lots of money if you will help get them (or their money) out of (wherever) by using your funds (bank account, business letter head, etc.) to make it happen... this scam has been around for several hundred years - and it still works.
This is a variation on the Spanish Prisoner currently working as the Nigerian Money Scam / Nigerian Letter / "419" Scam ... it's for real and people have been known to bite, even recently - at the cost of being completely cleaned out... some have lost literally millions.
Here's a list of threads on this never ending scam: thread 1 - thread 2 - thread 3
A news article on a Canadian bust for this fraud.
There's a link on the FBI site for this - it requests you forward information on this fraud to them... they actively prosecute these con men... if you'd like to pass your version along to them, or read more about it, here's the location on the FBI site.
Here's an example of how this sort of letter goes:
Subject: JUST THE TWO OF US.
First, I must solicit your strictest confidence in this transaction, this is by virtue of its nature as being utterly confidential and top secret. I am the Secretary of the Contract Review Panel instituted by H. E.President Olusegun Obasanjo to probe/review all Contracts executed and payments made during the regime of late General Sani Abacha. I have been mandated and nominated by my colleagues in the Panel to seek your assistance in the transfer of the sum of US$21.320 Million into your Bank Account. As you may know, the late General Abacha and members of his government embezzled billions of dollars through spurious contracts and payments to foreigners between 1993 - 1998 and this is now the subject of probe by my Panel. |
URL: http://www.ZillTech.com |
Designed and built by Aziza Sa'id herself, with assistance from her engineering alter ego Megan Marti'n.
Last Revised: 4/28/2003