Urgently update your antiviruses
Thread poster: Uldis Liepkalns

Uldis Liepkalns  Identity Verified
Latvia
Local time: 16:32
Member (2003)
English to Latvian
+ ...
Jun 5, 2003

I have already received about 20 of them today, and until the update my antivirus didn't detect them.

Sincerely- Uldis


"Kaspersky Labs, an international data security software developer, reports the detection of a new version of the Internet worm Tanatos. The new version of this malicious program, called Tanatos.b, has dangerously destructive capabilities for infecting computer files.
Kaspersky Labs will make more details covering Tanatos.b available shortly.
The defense against Tanatos.b has already been added to the Kaspersky Anti-Virus database. Kaspersky Labs recommends all computer users to update their anti-virus databases."


Direct link Reply with quote
 

Myron Netchypor  Identity Verified
Ukraine
Local time: 16:32
Member (2003)
English to Ukrainian
+ ...
Thank you Uldis Jun 5, 2003

Could you please also specify if this virus comes in an attachment or in the message body?

[Edited at 2003-06-05 12:23]


Direct link Reply with quote
 

Uldis Liepkalns  Identity Verified
Latvia
Local time: 16:32
Member (2003)
English to Latvian
+ ...
TOPIC STARTER
I can not say Jun 5, 2003

as in my system it ends up in Eudora>Spool as a file named "temp.in". I guess it may be different on other systems. Since I updated the antivirus bases, I do not see them any more, only my antivirus program keeps reporting successful annihilations.
But it seems to be serious- since I posted the first message, I have received about 10 more of these worms.
Please visit www.kaspersky.com for more info.

Uldis
Myron Netchypor wrote:

Could you please also specify if this virus comes in an attachment or in the message body?

[Edited at 2003-06-05 12:23]


[Edited at 2003-06-05 12:45]

[Edited at 2003-06-05 13:01]


Direct link Reply with quote
 

Nikita Kobrin  Identity Verified
Lithuania
Local time: 16:32
Member (2010)
English to Russian
+ ...
+ one more (W32/Bugbear.B-mm) Jun 5, 2003

New virus alert: W32/Bugbear.B-mm


Beware of a new email-borne mass-mailing virus:

On 4th June 2003, MessageLabs, the email security company, intercepted copies of a new mass-mailing virus called W32/Bugbear.B-mm, and intercepted the first copy originating from the United States.

Name: W32/Bugbear.B-mm
Aliases: W32/Kijmo-mm, W32/Shamur-mm
Number of copies intercepted so far: 300+
Time & Date first Captured: 4th June 2003 11:59GMT
Origin of first intercepted copy: United States
Number of countries seen active: 20 (currently mostly in US and Australia)

Email characteristics:

The sender address may be spoofed, and may not indicate the true address of the sender. The virus contains a number of domains that it appears to be capable of spoofing.

Emails that we have thus far seen have varying subject lines, seemingly relating to information or documents plagiarised from the recipient’s infected machine.

The body-text of the message is variable and appears to be taken from documents and files found on the recipient’s infected machine.

The attachment is compressed in a modified UPX format. The file size is 72,192 bytes. Attachment names are also variable, possibly based on filenames found on the infected machine, with an extension of either .scr, .pif or .exe.

For example: Crimbo.exe.scr, Lotto.mbd.pif, 052003.ptx.exe, My Money Backup.mbf.scr, Captletterhead.doc.scr


Virus Behaviour
Initial analysis suggests that the virus is a mass mailer. It appears to be very polymorphic in nature and compressed using a variant of UPX, however, it seems to have the ability to repack or modify itself during each generation, presumably in an attempt to foil simple anti-virus signature fingerprinting techniques.

In some copies that we have stopped, the MS01-020 auto-open exploit has been found, which will automatically execute the attachment just by reading the email on an unpatched Windows system.

Virus Payload
Initial analysis indicates that this virus may also be able to disarm local security software, such as anti-virus or firewall software. It may also be able to spread via network shares, as was the case with the earlier Bugbear.A strain. Furthermore, it may also install a key-logging trojan component that will enable an unscrupulous hacker to take control of the infected machine and download a file containing the user’s keystrokes, including information entered on websites such as passwords or credit-card details for example.

Comment
The virus includes a number of domain names that it appears to be capable of spoofing, including many major international banks, financial institutions and government authorities.

Paul Wood, Chief Information Analyst at MessageLabs said, “This is a particularly worrying trend in terms of the social engineering techniques now almost customary for any new virus to take hold.

Particularly worrying is the fact that not only can Bugbear leach confidential information from an infected machine, but it may also leave a backdoor wide open for hackers to take control of the machine and misappropriate passwords, credit-card details or for some other nefarious purpose.

“From the pattern of Bugbear.B emails that we have stopped already this morning, we anticipate that this is likely to reach high-level outbreak very soon, particularly as the US begin to come online.”

Detection
MessageLabs detected all strains of this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.

For further information, please visit the MessageLabs website at: http://www.messagelabs.com and

http://www.messagelabs.com/viruseye/info/default.asp?virusname=W32/BugBear.B-mm&frompage=virus%20search&fromurl=/viruseye/search/default.asp


Direct link Reply with quote
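
An added example, not part of any post in this thread or of the MessageLabs alert: a Python check for the attachment naming pattern the alert describes, a decoy extension followed by .scr, .pif or .exe. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = {"scr", "pif", "exe"}  # final extensions listed in the alert

def classify(filename):
    """Return 'double-extension', 'executable' or None for one attachment name."""
    parts = filename.strip().rstrip(".").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXEC_EXTS:
        return None
    # A decoy extension in front of the executable one, e.g. "letter.doc.scr".
    return "double-extension" if len(parts) >= 3 and parts[-2] else "executable"

def scan_message(raw):
    """Walk every MIME part of a raw message and report risky attachment names."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            verdict = classify(name)
            if verdict:
                findings.append((name, verdict))
    return findings

def build_sample():
    """Constructed message: one harmless name, one name quoted in the alert."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="Captletterhead.doc.scr")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```

A name-based check like this is independent of signature updates, so it still applies to a repacked copy whose bytes differ from earlier ones.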
 
xxxMarc P  Identity Verified
Local time: 15:32
German to English
+ ...
General solution Jun 5, 2003

Thank you to all who have provided helpful advice on the subject of viruses.

I wonder, though, why it is not possible for those who are vulnerable to attack to make their systems secure. No one should be running a system which automatically executes malicious code. If they are, shouldn't they change the configuration? And if the configuration can't be changed, shouldn't they move over to a more secure system?

Saying "look out for this car thief, he is wearing a red sweater and white running shoes" is all very well. Is it not better to tell people to lock their cars?

Just a thought.

Marc


Direct link Reply with quote
 

Bill Greendyk  Identity Verified
United States
Local time: 10:32
Member (2002)
Spanish to English
+ ...
Good logic, Marc! Jun 5, 2003

MarcPrior wrote:


Saying "look out for this car thief, he is wearing a red sweater and white running shoes" is all very well. Is it not better to tell people to lock their cars?

Just a thought.

Marc



What a clever way of putting it, Marc! I like that! I quite agree with you. With all the anti-virus software out there, who would even dare run their computer these days without it?

Bill


Direct link Reply with quote
 
xxxMarc P  Identity Verified
Local time: 15:32
German to English
+ ...
Who indeed Jun 5, 2003

Bill Greendyk wrote:
What a clever way of putting it, Marc! I like that! I quite agree with you. With all the anti-virus software out there, who would even dare run their computer these days without it?

How can I put this... there is no anti-virus software for Linux, so...

Marc


Direct link Reply with quote
 

Francisco Herrerias  Identity Verified
United States
Local time: 07:32
Member (2012)
French to Spanish
+ ...
As far as I know... Jun 5, 2003

MarcPrior wrote:

Bill Greendyk wrote:
What a clever way of putting it, Marc! I like that! I quite agree with you. With all the anti-virus software out there, who would even dare run their computer these days without it?

How can I put this... there is no anti-virus software for Linux, so...

Marc


there is no virus for linux...

Quite nice!


Direct link Reply with quote
 

Uldis Liepkalns  Identity Verified
Latvia
Local time: 16:32
Member (2003)
English to Latvian
+ ...
TOPIC STARTER
I see the discussion has taken Jun 5, 2003

quite a turn. Why I posted this warning in the first place- my antivirus provider Kaspersky normally releases one update a day, and I have set the automatic update time to 7 PM. Normally that's enough, but if the virus starts spreading at 10 AM... Kaspersky guarantees an update within 2 hours after the new virus is sighted anywhere in the World, and when, after sighting the first 10 viruses visually, I updated, the update was there. But there are other antivirus providers, who offer automatic updates weekly.
Yes, I do not execute files named “Britney_Spears_naked.exe” more often than I do run ordinary “Virus.exe”, but none the less, it’s much more comfortable, when your antivirus is updated and you do not have to delete viruses manually. By the way, most of them can not be deleted simply by a command Del, you have to use Shift+Del.

My editing was caused because the command description written in parentheses for whatever reason doesn't appear in the post...
[Edited at 2003-06-05 19:31]

[Edited at 2003-06-05 19:53]


Direct link Reply with quote
 

Rick Henry  Identity Verified
United States
Local time: 09:32
Italian to English
+ ...
False sense of security. Jun 6, 2003

While a virus or trojan isn't common on Linux, it is possible to write malicious code on any platform. The damage may be confined to the user's space instead of the entire operating system, but it can be done and has been done.
Bottom line, it still comes down to the user acting responsibly.

R.
==
Francisco Herrerias wrote:
there is no virus for linux...

Quite nice!


Direct link Reply with quote
 
xxxMarc P  Identity Verified
Local time: 15:32
German to English
+ ...
Viruses for Linux Jun 6, 2003

As Rick says, Linux viruses do exist. I was just pointing out that Linux virus detection software doesn't exist, to my knowledge. (Software which detects Windows viruses does exist for installation on Linux servers.)

Rick is also right about the false sense of security. Linux is generally more secure than Windows, but that is not the main reason for the lack of Linux viruses. The main reason is that Linux software generally has a very defensive default configuration, and also that Linux desktop users (the few that there are) are generally more aware of the security issues.

Like most people, I have been receiving lots of e-mails with .pif attachments of late. But: 1) my system does not open/execute them automatically; 2) if I click on them to try to open/execute them, a security warning dialog appears before anything is done; 3) before opening/executing them, I have to select and/or acknowledge what application will be used (and if, for example, it's Acrobat Reader, I can be confident that whatever the attachment contains is harmless). On Linux, it's far easier to delete a file by mistake (and, unlike Windows, a deleted file can't be retrieved) than it is to open/execute an attachment by accident.

Surely Windows can be configured to behave the same way - it's not THAT bad.

Marc


Direct link Reply with quote
 

Katalin Szilárd  Identity Verified
Hungary
Local time: 15:32
Member (2006)
English to Hungarian
+ ...
Anybody with this e-mail address ? "info@mail.ieg.com.br" Scan your computer! Jun 6, 2003

I have just got an e-mail with an attachment (97 kb) from this sender.

Sender: info@mail.ieg.com.br
Subject:
[ProZ.som Kudoz] tie-tamping (
English>Portugese)

I didn't open it.
Probably it's infected with virus.
If somebody has that e-mail address, or knows it, please update your antiviruses
and scan your computer!

Kind regards,
Katalin


Direct link Reply with quote
 

Milos Prudek  Identity Verified
Czech Republic
Local time: 15:32
English to Czech
+ ...
Not entirely true Jun 6, 2003

Rick Henry wrote:

While a virus or trojan isn't common on Linux, it is possible to write malicious code on any platform. The damage may be confined to the user's space instead of the entire operating system, but it can be done and has been done.

This is not the whole picture. If your Linux system is set up properly, it is impossible to suffer any damage from a wanna-be virus.

The proper setup in three steps:

1. Normal users are prohibited from installing software. Period. (You need to put user home directories on a separate disk partition and specify this partition as "no execute")

2. System administrator installs only verified software, using digital signatures to verify authenticity.

3. System administrator also logs in as a regular user, UNLESS he is going to administer the system. Immediately after finishing his admin role, he relinquishes his admin permissions and becomes a normal user.

Very simple, 100% effective.


Direct link Reply with quote
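
An added example, not from the post above: a Python audit of step 1, checking in a mount table in `/proc/mounts` format whether a home directory sits on its own partition and whether that partition carries the `noexec` option. The two mount tables, the path `/home/alice` and the function names are constructed for illustration.

```python
REQUIRED = "noexec"  # the "no execute" mount option from step 1

# Constructed mount tables in /proc/mounts format (not from a real host).
HARDENED = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
WEAK = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def covering_mount(path, mounts_text):
    """Return (mount_point, options) for the deepest mount that contains path."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mount_point = fields[1].replace("\\040", " ")  # spaces are escaped as \040
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            # ">=" lets a later line for the same mount point (an overmount) win.
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, set(fields[3].split(",")))
    return best

def audit_home(path, mounts_text):
    """Report whether path sits on its own partition and whether it is noexec."""
    mount_point, options = covering_mount(path, mounts_text)
    return {
        "mount_point": mount_point,
        "separate_partition": mount_point != "/",
        "noexec": REQUIRED in options,
    }

if __name__ == "__main__":
    for label, table in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_home("/home/alice", table))
```

The `noexec` option stops files on that partition from being executed directly; a script stored there can still be run by passing it as an argument to an interpreter installed elsewhere.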
 

Rick Henry  Identity Verified
United States
Local time: 09:32
Italian to English
+ ...
Not to distract from the topic, but... Jun 6, 2003

that's a pretty Draconian way of looking at things.
First, we're talking about desktops and laptops, not servers or mainframes. I highly doubt most people using PCs for translation purposes are going to have an administrator at their disposal (unless they work for a huge translation agency).
Second, under your scenario I wouldn't even be allowed to write a script to do anything - sort, calculate, whatever.
Maybe it's just me, but I think computers should serve people, not the other way around.
Sorry for the little rant, but BOFH biases are a pet peeve of mine (for those that don't know what BOFH stands for, I'll leave you to do a search online). Suffice it to say it's a stage that every admin. goes through at some point in their career (usually early on).
I was an admin. for 18 years, and I went through that stage as well.

R.
==

Milos Prudek wrote:
This is not the whole picture. If your Linux system is set up properly, it is impossible to suffer any damage from a wanna-be virus.

The proper setup in three steps:

1. Normal users are prohibited from installing software. Period. (You need to put user home directories on a separate disk partition and specify this partition as "no execute")

2. System administrator installs only verified software, using digital signatures to verify authenticity.

3. System administrator also logs in as a regular user, UNLESS he is going to administer the system. Immediately after finishing his admin role, he relinquishes his admin permissions and becomes a normal user.

Very simple, 100% effective.


Direct link Reply with quote
 

two2tango  Identity Verified
Argentina
Local time: 11:32
Member
English to Spanish
+ ...
Computers are tools to be used Jun 7, 2003

Rick Henry wrote:
Maybe it's just me, but I think computers should serve people, not the other way around.


Not just you, Rick, there's at least two of us.
Regards
Enrique


Direct link Reply with quote
 