| Author |
 Topic  |
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
 Posted - 10 December 2001 : 02:45:04
|
Quoted from Yahoo:
A new computer worm named ''Goner'' was spreading quickly through corporate and personal e-mail inboxes on Tuesday, deleting system files and clogging networks in what could be the biggest outbreak since last year's "Love Letter'' virus, security software vendors said.
"Goner is one of the most incredibly fast moving and potentially dangerous e-mail viruses we've seen,'' said Mark Sunner, chief technology officer of MessageLabs Inc.
Network Associates Inc. had seen several hundred thousand infections, said Michael Callahan, director of marketing for the company's McAfee division.
The worm, a virus that propagates itself to other computers through the Internet or other networks, is affecting users of Microsoft Corp.'s Outlook and Outlook Express, said Ian Hameroff, business manager of security solutions at Computer Associates International Inc.
People using ICQ instant messenger and Internet Relay Chat also are susceptible to the worm because files can be transferred across those networks, Hameroff said.
Outlook 2002 users are not as impacted since it blocks potentially harmful attachments by default and warns users when a program tries to access e-mail addresses, according to Internet Security Systems Inc.
The Goner worm arrives in an attachment masquerading as a screen saver, with an e-mail subject line of "Hi'' and text that says: How are you? When I saw this screen saver, I immediately thought about you I am in a harry (sic), I promise you will love it!"
Once the attachment is clicked, the worm sends itself to everyone in the user's e-mail address book, tries to close programs that are running and deletes certain system files, including security software, said Hameroff.
Goner also tries to install a back door on machines which could turn them into launch pads for denial of service attacks, said Symantec Corp.
In denial of service attacks malicious hackers remotely control multiple PCs, sometimes thousands of them, ordering them to flood Web servers with so much traffic that Web sites are effectively shut down to legitimate traffic.
"This is at outbreak status, which is very rare,'' said April Goostree, virus research manager at McAfee.com. "The last outbreak we had was 'Love Letter' in May 2000.''
A virus is given outbreak status by McAfee.com if it is determined to be spreading quickly and affecting large corporate networks as well as individual computer users, Goostree said.
One of the nastier aspects of the virus is its attempt to disable antivirus and firewall software, so that victims have to reinstall the software in order to prevent future infections, said Sunner of MessageLabs.
SPREADING QUICKLY IN EUROPE, US
UK-based e-mail security outsourcer MessageLabs Inc. said it had been receiving more than 100 copies of the worm a minute earlier in the day, totaling about 42,000 worldwide since early Tuesday morning, with users in 17 countries hit.
Anti-virus software firm Trend Micro Inc. said it had recorded infections in 17,000 work stations and 30,000 corporate e-mail accounts across Europe, primarily in France, Germany and the United Kingdom.
The first report came from a French company on Tuesday afternoon, said Raimund Genes, Trend Micro's European vice president of sales. The firm has issued a ``high risk'' warning on Goner, the same rating it assigned this summer's virulent Code Red worm
"I expect by tomorrow morning we will see something in Asia, and then from Asia, we'll see re-infections in Europe,'' Genes said.
The origin of the worm remained unclear. Trend Micro and McAfee.com said they suspect it originated in France. But Mikko Hypponen, manager of anti-virus research for Finland-based F-Secure, said he had his doubts, as the first recorded infections came from the United States and South Africa.
Hypponen also said he thought it suspicious that some of the victims were ICQ instant messenger and Internet Relay Chat users. "It's most likely written by a teenager targeting other teenagers,'' he said.
Experts cautioned people against clicking on attachments from people they don't recognize, urged corporations to block unnecessary attachments such as screen savers before they get through the e-mail gateway.
----
-Eric | Mod Resource | Test Area
Who has there phaser set to stupid?
http://phpscriptcenter.com -Quality PHP Scripts |
|
|
James
Average Member
USA
539 Posts |
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 11 December 2001 : 05:30:53
|
quote:
Never, ever click on an attachment that you don't know exactly what it is!
Especially if the file has two extentions (like .jpg.src or .doc.pif). Another way to stay a little safer is by turning off the auto preview function in Outlook and Outlook Express. This will keep Outlook (Express) from trying to open the attachments unless you view the e-mail.
If an e-mail has an attachment and you weren't expecting it, delete it or leave the e-mail there for a day or two (it usually only takes a couple days for anti virus software to get new files to detect and safely remove new virusses).
Just my $0.02
Roland |
 |
|
|
GauravBhabu
Advanced Member
4288 Posts |
Posted - 11 December 2001 : 06:45:37
|
Virus Prevention:
DELETE! The one word for the emails you don't know who has sent unless you hope to get a million Dollar reward  .
Open attachments only when you know who has sent and you expect so.
www.forumSquare.com - GauravBhabu - It is difficult to IMPROVE on Perfection, There is no harm in Keep Trying. |
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
Posted - 11 December 2001 : 15:10:38
|
I got the email today and even though I knew it was a virus I opened it on a computer that I never use, and not hooked up to any network to see what it would do. This is what the virus program found...
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: W32.Goner.A@mm
File: C:\Documents and Settings\administrator\Local Settings\Temporary
Internet Files\Content.IE5\NU5J7BCB\gone[1].scr
Location: C:\Documents and Settings\administrator\Local Settings\Temporary
Internet Files\Content.IE5\NU5J7BCB
Computer: PRC-H123-03
User: Administrator
Action taken: Clean failed : Delete failed : Access denied
Date found: Tue Dec 11 12:02:48 2001
Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 11 December 2001 : 17:16:24
|
quote:
Especially if the file has two extentions (like .jpg.src or .doc.pif). Another way to stay a little safer is by turning off the auto preview function in Outlook and Outlook Express. This will keep Outlook (Express) from trying to open the attachments unless you view the e-mail.
If an e-mail has an attachment and you weren't expecting it, delete it or leave the e-mail there for a day or two (it usually only takes a couple days for anti virus software to get new files to detect and safely remove new virusses).
Just my $0.02
Roland
Roland, you know, that option doesn't work for me! I am using Outlook Express 6 and it doesn't work. It's in the Options, Read Tab. "Automatically download message when viewing in the Preview Pane". That's the option you are reffering to right?
I am thinking that it doesn't show the message in the preview pane below unless you press the spacebar to view the email. But it still does that. I tried it on an email that has an attachement and it shows the contents of the attachment in the preview pane also.
Typical Microsoft products!!
- David |
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 11 December 2001 : 17:21:00
|
just don't use the Preview Pane.
I use Microsoft Outlook that comes in Office XP. It warns you of potentially hazardous attachments and asks "Are you sure" if you attempt to open them. |
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 12 December 2001 : 15:57:55
|
Davio: turn off the use of the preview pane (view > layout...> show preview pane). That way the messages won't be shown unless you double click them.
quote:
im looking for a fix for someone on a windows 98 computer, anyone see one? ive seen them for nt4 but thats about it.
If you mean the removal tool for goner, look here:
w32.goner.a@mm.removal.tool.html" target="_blank">http://www.symantec.com/avcenter/venc/data/w32.goner.a@mm.removal.tool.html
A good site to check for removal tools is:
http://www.symantec.com/avcenter/tools.list.html
Roland |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 12 December 2001 : 17:23:43
|
Nooooo. I can't not use the preview pane!! It just takes too long for me to double click the email and wait for it to load in the new window. 
I haven't had any problems with the preview pane and attachments. Zonealarm will change the filename and prevent any attachments from executing automatically. And I haven't had a virus on my computer for a coply years now, because I don't open attachments that I have no clue what it is. I always tell my contacts to send me whatever is in the attachment in the body of the email instead. Unless they are sending me a file that they told me they would send before time. 
- David |
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 12 December 2001 : 17:49:51
|
LoL. When I mean long, I mean like a 2 second wait time. Compared to just clicking once on the email header and the message pops up in the preview window, within 1 second.
I wouldn't mind a new computer. I'm on a 350mhz IBM computer, with 128 RAM, using the AMD K6 chip. Bought it 3 years ago, but it still has some life still left in it.
- David |
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
Posted - 12 December 2001 : 17:59:51
|
lol, oh yea i can totaly see it now!
if i did the same thing the one second i would save on ever email i get, but the end of my life i might have an extra 2 days of living 
40 emails a day = 40 secs a day
40 secs = 280 secs a week
14560 secs a year (242.6 minutes a year, 4.04 hours a year)
Oh man I think I found my new company..
"Save time now, for 3 easy payments of $19.95 a month we will save you 4.04 hours a year just by reading your email. Think of how you could spend your extra time, goto Hawaii anyone?"
Brad
Web Hosting with SQL Server @ $24.95 per month
Snitz Mod Archive
|
|
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 13 December 2001 : 15:49:40
|
quote:
"Save time now, for 3 easy payments of $19.95 a month we will save you 4.04 hours a year just by reading your email. Think of how you could spend your extra time, goto Hawaii anyone?"
Lol.
That would mean that not having to read any e-mails anymore would save at least a year or two... and if you get a lot of mail it might save you a decade! WOW!
Roland
*I sure am glad I set my computer to open files on single click... I'm adding years to my life* |
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 14 December 2001 : 00:37:30
|
If anyone is intrested in how these viruses get thier names, you can read up about it here: http://www.unl.edu/security/virus_names.htm
Quite intresting actually. Never knew the virus names tell something about the virus. Thought someone just came up with those letters and symbols.
- David |
|
|
| |
Topic |
|
Topic Locked
