Another freakin' virus


ronald146m
17-08-2003, 16:24
Hello

I was sent an email virus today.

It is 'I - Worm / Mimail'.

It's quite convincing.

The free AVG 6 software caught it before too much damage was done.

There is information about it here:-

http://www.avp.ch/avpve/worms/email/mimail.stm

Ron

:devsmoke: :devsmoke:

kink
17-08-2003, 17:38
Hi Ron :wavey:

Think that sort of worm has been doing the rounds for a while and you've been lucky to avoid it until now.
I've received a few up until now... and I expect it to continue or even grow exponentially :(
Emails from Administrators are a sneaky way of trying to catch people out and if you opened it, you were lucky that your software was up-to-date.... best thing is NOT to open..... just delete.
The only time I let myself down was when I opened a hotmail account email from a friend that I couldn't preview and my last New Year's eve was ruined :cry: Spent all night getting rid of the little sod... and the subsequent problems took days and I had to delve into my registry to fix what the worm and trojan had done :(
And then there are your friends who haven't been so careful and thanks to the mail worms they have, keep sending you copies of themselves.... and it's really freaky when you end up getting viruses from yourself because your friends have more than one account address for you :afire: :grind:
Had to get them to delete ALL my contact addresses.... or I would have had to kill them :p

The joys of worms... and cutting them in half and watching them wriggle regardless! :shrug:

Stuart
18-08-2003, 14:22
Just seen an interesting point in theregister (at http://www.theregister.co.uk/content/56/32378.html)

Basically, the main point of the article is that several people have received a patch supposedly emailed from Microsoft.

Be aware that Microsoft NEVER email patches as attachments. If they do send an email, it will contain a link to the patch.

See http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/policy/swdist.asp for details.

Shaun
19-08-2003, 20:08
Here we go again, another rehash of an old virus.

http://news.bbc.co.uk/1/hi/technology/3164861.stm

Russ
19-08-2003, 20:11
Yeah but what about this one :D

http://news.bbc.co.uk/1/hi/technology/3163001.stm

Shaun
22-08-2003, 14:36
For all you linux fans out there. :)


TITLE:
Mandrake update for gdm

READ ONLINE:
http://www.secunia.com/advisories/9590/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information, DoS

WHERE:
From local network

OPERATING SYSTEM:
Mandrake Linux 9.x
Mandrake Corporate Server 2.x

DESCRIPTION:
MandrakeSoft has issued updated packages for gdm. These fix three
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) on the gdm daemon or read the content of
arbitrary files on a vulnerable system.

For more information:
http://www.secunia.com/advisories/9571/

NOTE: XDMCP support is disabled by default.

SOLUTION:
Upgrade automatically using MandrakeUpdate or manually by downloading
the updated packages from one of MandrakeSoft's FTP server mirrors:

http://www.mandrakesecure.net/en/ftp.php


Updated Packages:


----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

ic14
22-08-2003, 14:38
Originally posted by dellwear
Here we go again, another rehash of an old virus.

http://news.bbc.co.uk/1/hi/technology/3164861.stm

Yeah I read about that in today's papers,

To be honest you would have to be extremely stupid to be caught out by that virus, but unfortunately, lots of people are :eek:

Shaun
22-08-2003, 14:50
I just got another!!


TITLE:
Red Hat update for kernel

READ ONLINE:
http://www.secunia.com/advisories/9587/

CRITICAL:
Moderately critical

IMPACT:
Privilege escalation, DoS

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS
RedHat Enterprise Linux WS
RedHat Enterprise Linux ES

DESCRIPTION:
Red Hat has issued updated packages for the kernel, which fix
multiple vulnerabilities.

For more information:
http://www.secunia.com/advisories/9316/
http://www.secunia.com/advisories/9403/

SOLUTION:
The updated packages are only available via Red Hat Network:
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2003-239.html


:rolleyes:

SMHarman
22-08-2003, 15:29
Originally posted by ic14
Yeah I read about that in today's papers,

To be honest you would have to be extremely stupid to be caught out by that virus, but unfortunately, lots of people are :eek:

Also now as more people migrate to BB the spread is enhanced as the BB connection can send out more mails with the virus on them more quickly than on a dial up.

My PC got it on Tuesday midday. Yes, user error, opening an attachment. It was saved and scanned but the supplier's virus patterns had not yet been updated for it! I'd updated 4 hours earlier! It sent out at least 150 mails before I hit the lock on Zone Alarm, that was in the space of a minute.

Of course then you have to work out how to disable it while not having access to the net. Aargh.

Shaun
22-08-2003, 15:35
News 24 are running a big article on Sobig at the moment!

Must be bad.:rolleyes:

SMHarman
22-08-2003, 16:18
dellwear - is that Dermot in your avatar?

Shaun
22-08-2003, 16:44
Originally posted by SMHarman
dellwear - is that Dermot in your avatar?

Yup - the loverly Dermot.

Grrrrrr:D

SMHarman
22-08-2003, 17:05
Originally posted by dellwear
Yup - the loverly Dermot.

Grrrrrr:D

:notopic:

Loved his little dance routines. The best bit of BB3.

Shaun
22-08-2003, 18:12
Originally posted by SMHarman
:notopic:

Loved his little dance routines. The best bit of BB3.

Grrrr again;)

Jules
22-08-2003, 23:44
I am getting that email virus sent to me at least 25 times a day at the moment :( I now check the email addresses and send them an email telling them that they are sending viruses out

dieselking
23-08-2003, 00:22
People who write & cause all these viruses must have a screw loose. Have they really nothing better to do in life than to try to harm & wreck other people's computers? These people really do need bloody help

Lord Nikon
23-08-2003, 07:59
They could be students on the Canadian virus writing course

Shaun
07-09-2003, 18:45
I just received this by e-mail:


TITLE:
Special Update: Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA9580

VERIFY ADVISORY:
http://www.secunia.com/advisories/9580/

CRITICAL:
Extremely critical

IMPACT:
System access

WHERE:
From remote

REVISION:
3.0 originally posted 2003-08-20

SOFTWARE:
Microsoft Internet Explorer 6
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.01

DESCRIPTION:
Microsoft has issued a cumulative patch for Internet Explorer, which fixes multiple vulnerabilities. The worst vulnerability can lead to execution of arbitrary code on the client system via HTML emails or web sites.

1) A cross domain vulnerability exists in the way Internet Explorer retrieves files from the cache. This can be exploited by a malicious HTML document to execute arbitrary scripting in the "My Computer Zone".


2) Internet Explorer determines whether an object is safe when it interprets the file extension specified in the "Object Data" tag. This allows a malicious person to specify a "safe" file with e.g. a ".html" extension in "Object Data", which causes Internet Explorer to interpret it as a "safe" file. However, when the file is retrieved by Internet Explorer the "Content-Type" header determines how the file will be treated. This allows an executable file like a ".hta" file to be treated as a "safe" file and be executed silently without restrictions.

NOTE: Further information has been released by http-equiv, proving that the patch from Microsoft is not adequate. Please refer to solution section.

Secunia has constructed a vulnerability test, which can be used to check if you are affected by this issue: http://www.secunia.com/MS03-032/


3) The Kill Bit will be set on the Windows Reporting Tool ActiveX control "BR549.DLL". This ActiveX control contains a vulnerability which could be exploited by malicious HTML documents to execute arbitrary code.

Furthermore, a language specific variant of the older object type tag buffer overflow vulnerability (MS03-020) has been identified and is fixed in this patch.

This update also fixes other minor issues.

The "Object Data" vulnerability is straightforward to exploit. In many ways this vulnerability is similar to MS01-020 which was exploited by notorious viruses like Nimda, Badtrans and Klez.


NOTE: Secunia has discovered exploitation of the "Object Data" vulnerability in the wild. Analysis shows that the exploit installs a program called ADPlus module or SurferBar, which is added to a user's Internet Explorer and contains links to various porn sites. The exploit does the following:

1) User receives an email, which exploits the "Object Data" vulnerability.
2) The resource "a.cgi" is automatically requested from a webserver (63.246.130.201), which installs the file "drg.exe" in "C:\".
3) The file is then executed and saves the resource "surferbar.dll" from the same webserver as "win32.dll" (originally named "adplus.dll") in the "C:\Program Files\" directory.
4) The file "win32.dll" is then executed by "regsvr32" and adds a bar to the user's Internet Explorer.

SOLUTION:
Deactivate Active Scripting in Internet Explorer, until a patch becomes available which fixes the new variant of the "Object Data" vulnerability.


NOTE: The patch below does not fix the variant of the "Object Data" vulnerability discovered by http-equiv.

The patch is available from: http://windowsupdate.microsoft.com/
or http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp

REPORTED BY / CREDITS:
1) Yu-Arai, LAC
2) Drew Copley, eEye Digital Security
3) Greg Jones, KPMG UK

http-equiv has supplied additional information about exploitation of the "Object Data" vulnerability.

CHANGELOG:
2003-08-21: Updated critical rating and description due to detailed information from eEye.
2003-08-22: Included link to Secunia vulnerability test.
2003-09-03: Secunia has discovered exploitation of the "Object Data" vulnerability in the wild.
2003-09-07: Patch for the "Object Data" vulnerability has been proven inadequate by http-equiv.

ORIGINAL ADVISORY: http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
http://www.eeye.com/html/Research/Advisories/AD20030820.html


I'm off to find the patch.
;)
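The "Object Data" issue in the advisory above comes down to one mismatch: the extension IE checked in the object's data attribute versus the Content-Type the server actually sent back. The following is an added example (not from the forum, Secunia or Microsoft) of the kind of check a mail gateway or proxy could run over an HTML message plus its logged fetch headers to flag that mismatch; the "safe" extension set, the sample HTML and the header map are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: extensions IE accepted as "safe" objects.
# The advisory names ".html"; the others are plausible additions.
SAFE_EXTENSIONS = {".html", ".htm", ".txt"}
# MIME type under which the retrieved object runs as an HTML Application.
EXECUTABLE_TYPES = {"application/hta"}


class ObjectTagCollector(HTMLParser):
    """Collects the data= attribute of every <object> tag in a document."""

    def __init__(self):
        super().__init__()
        self.data_urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "object":  # HTMLParser already lowercases tag names
            for name, value in attrs:
                if name.lower() == "data" and value:
                    self.data_urls.append(value)


def declared_extension(url):
    """Extension IE would see in the Object Data URL (query string ignored)."""
    path = urlsplit(url).path
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""


def find_mismatches(html, served_types):
    """Return (url, declared_ext, content_type) for objects that claim a
    safe extension but were served as an executable MIME type.
    served_types maps each fetched URL to its logged Content-Type header."""
    collector = ObjectTagCollector()
    collector.feed(html)
    findings = []
    for url in collector.data_urls:
        ext = declared_extension(url)
        ctype = served_types.get(url, "").split(";")[0].strip().lower()
        if ext in SAFE_EXTENSIONS and ctype in EXECUTABLE_TYPES:
            findings.append((url, ext, ctype))
    return findings


# Constructed sample: one object that looks like a harmless page but was
# served as an HTA, and one genuinely harmless object.
SAMPLE_HTML = (
    '<html><body><object data="http://host.invalid/page.html"></object>'
    '<object data="http://host.invalid/clip.html"></object></body></html>'
)
SAMPLE_SERVED = {
    "http://host.invalid/page.html": "application/hta; charset=utf-8",
    "http://host.invalid/clip.html": "text/html",
}

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_HTML, SAMPLE_SERVED):
        print("FLAG object data=%s declared %s but served as %s" % hit)
```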