Discussion in 'Technical' started by Seacowboys, Feb 1, 2006.

  1. Seacowboys

    Seacowboys Senior Member Founding Member

    Urgent virus warning

    Posted on 02/01/2006 3:15:58 PM PST by djf

    Just got this email. Posting this here as a warning to other Freepers.


    and I checked it out with truthorfiction.com and it is true.

    Emails with pictures of Osama Bin-Laden hanged are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!

    This e-mail is being distributed through countries around the globe, but mainly in the US and Israel.

    Don't be inconsiderate; send this warning to whomever you know.

    If you get an email along the lines of "Osama bin Laden Captured" or "Osama Hanged" don't open the attachment.

    Confirmed at: http://www.snopes.com/computer/virus/osamahanged.asp

    Origins: There are few headlines that would grab the attention of more computer users around the world than "Osama bin Laden Captured," and that's exactly what whoever created this lure was counting on to snare unsuspecting victims who use Microsoft platforms.

    "Osama bin Laden Captured" isn't a virus in itself; it's the text of a message that includes a link to a file called EXPLOIT.EXE. When a message recipient clicks on this link to view what he thinks are pictures of Osama bin Laden's capture, he can end up downloading an executable Trojan known as Backdoor-AZU, BKDR_LARSLP.A, Download.Trojan, TrojanProxy.Win32.Small.b, or Win32.Slarp. Clicking the embedded link in the "Osama bin Laden Captured" message auto-executes a file called "EXPLOIT.EXE," which exploits a known security hole to download the Trojan. According to McAfee Security:

    The Trojan opens a random port on the victim's machine. It sends the Port information to a webpage at IP address The Trojan listens on the open port for instructions and redirects traffic to other IP addresses. Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous
  2. Bear

    Bear Monkey+++ Founding Member Iron Monkey

    Thanks !!!!.... is this related to the worm that's supposed to hit on Friday as well?
  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Thanks. Sending this out now.
  4. melbo

    melbo Hunter Gatherer Administrator Founding Member

    I think this is the one you speak of Bear.

    Computer Worm Threatens Major Destruction Friday

    Wednesday, February 01, 2006

    NEW YORK — Friday may be D-day, as in "destruction day," for millions of Windows computer users.

    That's the day a notably pesky e-mail worm, variously called "Nyxem.E," "CME-24," "BlackWorm," "Mywife.E," "KamaSutra" and "VB.bi," among other names, is set to detonate its deadly payload.

    Once activated, the worm will corrupt all documents on an infected machine with the following file extensions: .dmp, .doc, .mdb, .mde, .pdf, .psd, .ppt, .pps, .rar, .xls and .zip.

    That means almost all files created using Microsoft Word, Microsoft Excel or Microsoft PowerPoint could be lost forever, as well as "raw" Adobe Photoshop files, PDF files used by Adobe Acrobat and competing PDF readers, and several kinds of database and compression files.

    Hundreds of thousands of Windows machines are believed to have already been infected, mostly in India, Peru, Turkey and Italy, said Mikko Hypponen, chief research officer for Finnish security company F-Secure Corp.

    The worm also tries to disable anti-virus software that is out of date, Hypponen said. Thus, users should make sure their software is turned on and has the latest definitions, generally available for free from the software vendor's Web site.

    F-Secure also has created free removal tools for two different versions of the worm, available here and here.

    "If you are infected, and you find out about it today, you still have time to get rid of the virus," Hypponen said.

    Nyxem.E hasn't spread as far or as fast as many recent e-mail worms. But worms these days are generally meant to help spammers and hackers carry out attacks, not destroy files, so the impact this time may be more severe.

    Microsoft Corp. issued an advisory Tuesday warning customers about the worm, which affects most versions of Windows.

    Users should be safe if they have the latest anti-virus software or if their computers are set with limited privileges, a common setting in larger organizations.

    They are vulnerable if they, like many small business and home users, leave their computers set with full administrative rights.

    Users should also check the date on the computer. The worm hits the third of every month, so if the computer's local calendar settings are off, Hypponen said, files may be destroyed sooner or later, even if the computer is never turned on Friday.

    The Associated Press contributed to this report.