Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Virus writers trade insults as e-mail users suffer Some 20 variants spreading ....
MSNBC ^ | Updated: 3:31 p.m. ET March 03, 2004 | Bob Sullivan - Technology correspondent

Posted on 03/03/2004 12:41:12 PM PST by Ernest_at_the_Beach

Hacks, Viruses, Scams & Spam
Virus writers trade insults as e-mail users suffer
Some 20 variants spreading across Net at furious rate
By Bob Sullivan
Technology correspondent
MSNBC
Updated: 3:31 p.m. ET March  03, 2004

With 20 variations of the Mydoom, Netsky and Bagle viruses circulating around the Internet, it's becoming clear that computer virus writers are engaged in some kind of can-you-top-this game. And it's Internet users who are suffering collateral damage. 

advertisement
E-mail inboxes around the world are teeming with cryptic notes that have simple messages like "Here is the file," or "I want a reply." When antivirus companies give names to malicious programs, they add letters to virus names as a way of indicating variants, with NetSky.A being the initial version, NetSky.B the second variation, NetSky.C the third, etc. On Wednesday, researchers were up to NetSky.F, Bagle.K, and Mydoom.H.

Internet gang warfare?

<<<<<< See the link >>>>>>>>>>>

(Excerpt) Read more at msnbc.msn.com ...


TOPICS: Crime/Corruption; Culture/Society; Editorial; Extended News; News/Current Events; Technical
KEYWORDS: internetsecurity; internetviruses; techindex
I have been wondering why I was getting updates every day from several sources including MS.
1 posted on 03/03/2004 12:41:12 PM PST by Ernest_at_the_Beach
[ Post Reply | Private Reply | View Replies]

To: *tech_index
ndx
2 posted on 03/03/2004 12:41:52 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
For those that use Norton, Symantec released a new patch yesterday.
3 posted on 03/03/2004 1:00:34 PM PST by BJClinton (Fool me once, shame on you; fool me twice, I'm a registered Dem.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BJClinton
McAfee released a new update today. They've had updates almost everyday this week. MS has been sending out many updates too. Just need to be vigilant.
4 posted on 03/03/2004 1:06:48 PM PST by bird4four4
[ Post Reply | Private Reply | To 3 | View Replies]

To: Ernest_at_the_Beach
My mailbox has been flooded with infected emails this past week. Three or four a day. Netsky and Bagle in particular. Nuisance.
5 posted on 03/03/2004 1:10:43 PM PST by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BJClinton
Never mind yesterday, there was another issued today.
6 posted on 03/03/2004 1:16:13 PM PST by ExpandNATO
[ Post Reply | Private Reply | To 3 | View Replies]

To: Ernest_at_the_Beach; All

Alternative browsers:
http://www.mozilla.org/
http://www.opera.com/

Free anti-viral protection:
http://www.grisoft.com/us/us_dwnl_free.php

Popup ad killers:
http://www.bayden.com/popper/

Close that friggin' Messenger in Windows XP:
http://grc.com/stm/ShootTheMessenger.htm

Spyware removers:
http://www.safer-networking.org/index.php?lang=en&page=download
http://www.lavasoftusa.com/
http://www.wilderssecurity.net/spywareblaster.html

Good for pre-screening & bouncing SPAM:
http://mailwasher.net/

Script Defender ( stop that nonsense from running unwelcome scripts ):
http://www.analogx.com/welcome.htm
_________________

7 posted on 03/03/2004 1:18:20 PM PST by backhoe
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
has MSFT issued any Outlook patches yet?
8 posted on 03/03/2004 1:19:22 PM PST by oceanview
[ Post Reply | Private Reply | To 1 | View Replies]

To: backhoe
*ctrl+D* Thanks for the post, backhoe, I'll be using it.
9 posted on 03/03/2004 1:21:33 PM PST by pianomikey (I found my jenga jam)
[ Post Reply | Private Reply | To 7 | View Replies]

To: pianomikey
Thanks for looking- Martin Fierro originated that list & I added a little to it- it's good stuff.
10 posted on 03/03/2004 1:22:50 PM PST by backhoe
[ Post Reply | Private Reply | To 9 | View Replies]

To: oceanview
What do you want? A patch for Outlook that stops it from sending mail? Not good for a email program. It isn't Outlook that breaks. Outlook is responding to virus scripts and programs that users ~RUN~.
11 posted on 03/03/2004 1:24:04 PM PST by HairOfTheDog
[ Post Reply | Private Reply | To 8 | View Replies]

To: HairOfTheDog
some of these viruses are hidden in ZIP file attachments. what's broken, Outlook or WINZIP?
12 posted on 03/03/2004 1:28:35 PM PST by oceanview
[ Post Reply | Private Reply | To 11 | View Replies]

To: oceanview
Neither are broken. If the user runs a program, what would you like a computer to do? (Hint: You want it to run the program) Email viruses are user-activated programs.

Winzip did what it was supposed to do, it shrank the program down in size. But you still had to activate it.
13 posted on 03/03/2004 1:37:21 PM PST by HairOfTheDog
[ Post Reply | Private Reply | To 12 | View Replies]

To: oceanview
I noticed that, too. Putting the executable in a .zip attachment would seem to make it even less likely to get executed, but then again judging by the volume of the crap, apparently a lot of people are dumb enough to open the zip file in the attachment and then run the zipped executable.

These email "viruses" are a pain, but they're also quite "dumb" in that they require the user to run the executable. By now, anyone dumb enough to open an attachment they know nothing about deserves pretty much whatever they get.
14 posted on 03/03/2004 1:39:26 PM PST by -YYZ-
[ Post Reply | Private Reply | To 12 | View Replies]

To: Ernest_at_the_Beach
I've been getting hit with a few of these nastys this week.
Fortunately, vigilance with the anti-viral software has kept me out of trouble.

Although I'm not sanctioning violence...someday, when one of these virus
writers is taken out by some vigilante justice...there won't be all that
many tears.
Personally, I'd prefer they are just tortured.
As in being kept in a room without access to a computer or any other electrical device
for at least 20-40 years.
15 posted on 03/03/2004 1:44:20 PM PST by VOA
[ Post Reply | Private Reply | To 1 | View Replies]

To: VOA
No compassion at all! LOL!
16 posted on 03/03/2004 1:48:11 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 15 | View Replies]

To: ExpandNATO
Ah, I thought the one I downloaded today was from yesterday.
17 posted on 03/03/2004 1:49:58 PM PST by BJClinton (Fool me once, shame on you; fool me twice, I'm a registered Dem.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: backhoe
One of my favorite sites for Windows vulnerabilities:

Gibson Research
18 posted on 03/03/2004 1:51:52 PM PST by BJClinton (Fool me once, shame on you; fool me twice, I'm a registered Dem.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: BJClinton
Appreciate the link.
19 posted on 03/03/2004 1:59:20 PM PST by backhoe
[ Post Reply | Private Reply | To 18 | View Replies]

To: VOA
I agree.

A month or two ago, I received over 1,000 copies of that virus. That is "one thousand." I own a couple of domain names, and the spammer/virus jerk used one of them as a "sent from" email address. So I received tons of "bounced back" emails.

I use a Mac, and so I won't get that virus, and I use spam filters, so most go into a separate mailbox. But it's still a huge hassle. I've saved most of them, in case they catch the guy. I'm planning on filing a lawsuit against him for misrepresentation, etc. Seriously.
20 posted on 03/03/2004 2:04:19 PM PST by Theo
[ Post Reply | Private Reply | To 15 | View Replies]

To: Theo
I'm planning on filing a lawsuit against him for misrepresentation, etc.
Seriously.


When contemplating what should happen to hackers/spammers, I recollect
an old article that I read about alarms for motorcycles.

The article mentioned that your hard-core Hells Angels types preferred
silent alarms for their Harleys.
I've had to examine my soul in contemplating what I'd do if I ever had some sort of
"silent alarm" that would give the address of the spammer living a few blocks away.

OK, I'd call the FBI, but only after fantasizing how delicious it would
be to deal out a bit of real-world justice to one of these evil pencil-necked geeks.
21 posted on 03/03/2004 2:11:45 PM PST by VOA
[ Post Reply | Private Reply | To 20 | View Replies]

To: backhoe
I use AVG Antivirus (free, and great), and preview all my mail with MailWasher. I received probably 100 virus messages, but deleted them all before downloading them from the server with MailWasher.
22 posted on 03/03/2004 2:18:02 PM PST by atomicpossum (Fun pics in my profile)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Ernest_at_the_Beach; All
Maybe some of you folks more technological than I can help me...My PC keeps shutting down randomly. I mean it completely turns off. I then have to restart it. Sometimes it will shut down again immediately after I restart it and sometimes it won't. I did an online scan using HouseCall and it located a trojan in two files. I deleted those files. My Norton isn't picking up anything at all.
23 posted on 03/03/2004 2:20:37 PM PST by PleaseNoMore
[ Post Reply | Private Reply | To 1 | View Replies]

To: VOA
Although I'm not sanctioning violence...someday, when one of these virus writers is taken out by some vigilante justice...there won't be all that many tears. Personally, I'd prefer they are just tortured. As in being kept in a room without access to a computer or any other electrical device for at least 20-40 years.

What I don't get is why these virus writers waste their time setting up denial-of-service attacks against Microsoft and SCO. It seems to me they could actually do some good by targeting some of the spam-friendly ISPs (some in China and Brazil come to mind) that shelter the constant spam operations that are really clogging up the internet. People would want to get infected to help take part, and once the spam-friendly ISPs knew they would get their business disrupted, they'd have a lot less reason to shelter the spamming scum and we'd see the profitabilty of those operations plummet...

24 posted on 03/03/2004 2:22:32 PM PST by atomicpossum (Fun pics in my profile)
[ Post Reply | Private Reply | To 15 | View Replies]

To: PleaseNoMore
Maybe try "TrojanHunter". It's from Sweden (Michel?) and you can get a 30-day evaluation
copy. Using it and my virus software (with lots of repeated cleansings) I managed
to kill off an exceedingly nasty trojan a couple of weeks ago.

I also recommend "Spybot S&D". I don't know if spyware could be part of your problem...
but my first run of Spybot revealed a LOAD of spyware on my machine. And seemed
to really clean it out.

Also, for information, you might check the "lessons" area of www.jefflevy.com.
While you might have to do some searching through the lesson topics, you
might find something dealing with involuntary shut-downs.
25 posted on 03/03/2004 2:30:46 PM PST by VOA
[ Post Reply | Private Reply | To 23 | View Replies]

To: VOA
Thanks so much. There are so many programs out there that I was honestly lost on which ones to try.
26 posted on 03/03/2004 2:32:05 PM PST by PleaseNoMore
[ Post Reply | Private Reply | To 25 | View Replies]

To: PleaseNoMore
Norton won't pick up those critters.

Start here:

Maintaining Your Privacy on the WWW:
Stop Spyware, Trojans, and Intruders

27 posted on 03/03/2004 2:43:13 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: PleaseNoMore
There are so many programs out there that I was honestly lost on which ones to try.

That's no lie!

Oh, I forgot the REAL advice.
If your machine can stay on long enough...
BACKUP, BACKUP, BACKUP!!!
Try to copy all the data off your machine possible before you try to fix it.
And make a re-boot disk before you do any work.
And, although this is in the worst-case scenario...if you don't have it, try to locate
a CD of the operating system for your machine, in case you've got to do a
total re-install (in which case you'll lose anything you didn't backup!!!).

Checking out that www.jefflevy.com site for info, plus trying (if your machine
will stay on for a bit) good, up-to-date anti-virus, along with Spybot and TrojanHunter
might help.

The machine I cleaned up was an aged Dell (still on Windows 95!).
It took most of a day and lots of sweat...but I was a pretty proud novice
when I realized I'd actually "cured, not killed, the patient".
28 posted on 03/03/2004 2:43:22 PM PST by VOA
[ Post Reply | Private Reply | To 26 | View Replies]

To: PleaseNoMore
Pest Patrol is recommended by some!
29 posted on 03/03/2004 2:45:18 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: BJClinton
For those that use Norton, Symantec released a new patch yesterday.

Available via Live Update? Or does it need to be downloaded from the Symantec site?

30 posted on 03/03/2004 2:45:23 PM PST by Bloody Sam Roberts (Do a little dance...make a little love...get down tonight.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: atomicpossum
I use AVG Antivirus (free, and great), and preview all my mail with MailWasher.

That is exactly what I do... AVG had a 2+ megabyte update today. Just after I sent a link to this stuff to my wife at work, she started getting them, about 25 at a time. Darn vermin!

31 posted on 03/03/2004 2:45:37 PM PST by backhoe (--30--)
[ Post Reply | Private Reply | To 22 | View Replies]

To: backhoe; PleaseNoMore; Bloody Sam Roberts
And here is something interesting I am gonna look at:

Hacker Eliminator

Hacker Eliminator picks up where anti virus scanners and firewalls leave off.

32 posted on 03/03/2004 3:03:54 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 31 | View Replies]

To: All
Monthly fee with the Hacker package!
33 posted on 03/03/2004 3:09:49 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Ernest_at_the_Beach
Looks promising- thanks for the link!
34 posted on 03/03/2004 3:10:31 PM PST by backhoe (--30--)
[ Post Reply | Private Reply | To 32 | View Replies]

To: VOA
Ran TrojanHunter... pulled no less than 7 trojans off a computer I *assumed* relatively clean. Thanks for the post, even if it is trial... it got the job done it appears.
35 posted on 03/03/2004 3:11:50 PM PST by pianomikey (I found my jenga jam)
[ Post Reply | Private Reply | To 25 | View Replies]

To: All
Another source of info:

Adware, Spyware and other unwanted "malware" - and how to remove them

36 posted on 03/03/2004 3:28:29 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 31 | View Replies]

To: PleaseNoMore
Ummmm. Open the cover on the PC, pull out your vaccuum cleaner and remove the thick coating of dust from your power supply that is probably causing your system to overheat and shut down.

Paul
37 posted on 03/03/2004 3:36:00 PM PST by spacewarp (Visit the American Patriot Party and stay a while. http://www.patriotparty.us)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Ernest_at_the_Beach
Just got this -

Dear G.com members:

There are several emails being sent around that appear to be coming from
Guitar.com or Gbase.com. The addresses that these emails are being sent from
are:

management@guitar.com
sales@guitar.com
administration@guitar.com
sales@gbase.com
administrator@gbase.com

More than likely there are a few more floating as well. The text of the
email is as follows:

Dear user of Guitar.com,

Our main mailing server will be temporary unavaible for next two days, to
continue receiving mail in these days you have to configure our free
auto-forwarding service.

For details see the attach.

For security purposes the attached file is password protected. Password is
"80667".

The Management
The Guitar.com team


Of course, the attachment is a virus. We are sending this email today
advising you of this determental act. IT IS IN NO WAY AND IN NO FASHION
RELATED TO GUITAR.COM NOR IS IT BEING SENT BY GUITAR.COM. Do not open these
emails and if you do, be sure to run your virus software immediately.

Don Dawson
Managing Director
Guitar.com
Gbase.com

38 posted on 03/03/2004 3:43:30 PM PST by Senator Pardek
[ Post Reply | Private Reply | To 1 | View Replies]

To: Senator Pardek
Damn!
39 posted on 03/03/2004 3:53:53 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 38 | View Replies]

To: pianomikey; PleaseNoMore
Ran TrojanHunter... pulled no less than 7 trojans off a computer I *assumed* relatively clean.

Great to hear you have cleaned things up.

I'll add a few things about my experiences:
1. Combination of TrojanHunter with anti-virus software?
When I had the afore-mentioned nasty trojan, TrojanHunter found, highlighted
and snuffed out at least part of the problem. As a novice, I think that what it found
was something in the registry that helped it (TrojanHunter) identify the
offending trojan and know that it needed to remove SOME lines of code of the trojan.
BUT, even after this happened, problems persisted...even after running TrojanHunter,
our Sophos Anti-Viral and Spybot S&D each about three times.

FINALLY, taking a hint from the Sophos reference/knowledge database,
I selected the "delete" option for removing infected files.
Problem ended...Badabingbadaboom.

So, take this with a grain of salt, but my limited experience does at least make
me think that sometimes VERY minor changes in software settings can radically
increase the efficacy of software that identifies and kills "malware".

2. TrojanHunter (3.8) and Spybot S&D compatibility
What was great about these two was that these programs actually run well with
the aged Windows95.
One little thing to note: at least when I run a Sophos anti-viral scan, it returns
"errors" (that have NO positive/negative effect) that basically tell me
that Sophos can't scan the Spybot S&D files.
I'm just mentioning this little wrinkle, so that y'all won't be concerned if your
anti-viral program freaks out after you install Spybot R&D.
40 posted on 03/03/2004 5:44:04 PM PST by VOA
[ Post Reply | Private Reply | To 35 | View Replies]

To: spacewarp; PleaseNoMore
Open the cover on the PC, pull out your vaccuum cleaner and remove the thick coating of
dust from your power supply that is probably causing your system to overheat and shut down.


It could be that you've "cut to the chase".
This would be something that should be tried before spending long hours on
attempts to see if malware is the problem.
Especially if the computer is even a year or so old...and/or
in a location prone to lots of dust accumulation (e.g., sitting on the floor).

(Of course, I have an excuse for not recollecting this smart first move...
"I'm just a novice"!)
41 posted on 03/03/2004 5:51:07 PM PST by VOA
[ Post Reply | Private Reply | To 37 | View Replies]

To: VOA
And you have been registered here since 1998?
42 posted on 03/03/2004 6:29:03 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 41 | View Replies]

To: Ernest_at_the_Beach
And you have been registered here since 1998?

Well, cleaning up the accumulated detritus on an aged Dell (Win95!) and not
losing "the patient"...that's not my day-job or hobby!

Shooting from the hip on threads and pontificating...now I'm no novice on that! LOL!
43 posted on 03/03/2004 6:42:24 PM PST by VOA
[ Post Reply | Private Reply | To 42 | View Replies]

To: VOA
ROFL!

Carry on!!
44 posted on 03/03/2004 7:13:05 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Ernest_at_the_Beach
I just got an update which appears to be from Microsoft with an attachment named "DELETEDO.TXT". Does anyone know what this is? Frankly, I'm not opening any attachments unless I know what it is.
45 posted on 03/04/2004 9:35:31 AM PST by redhawk
[ Post Reply | Private Reply | To 1 | View Replies]

To: redhawk
An email?
46 posted on 03/04/2004 12:52:12 PM PST by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
[ Post Reply | Private Reply | To 45 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson