
Virus UPDATE Archive

Wed, December 21, 2005

Dear Sweetwater Cable TV High Speed Access Customer,

We wanted to make you aware of a new worm that is spreading on the
Internet via the major Instant Messenger (IM) programs such as AOL
Instant Messenger (AIM), ICQ, Windows Messenger, and Yahoo!
Messenger. Called IM.GiftCom.All, the worm broadcasts a URL
(Internet link) in a chat session screen that appears to be a site
about Santa Claus. If the link is clicked, a file, often named
gift.com, will download and hide on the system. Once activated, the
worm will scan the computer, attempt to shut down anti-virus
software, and log keystrokes, which can then be used to steal
personal information. In addition, the worm will attempt to spread
to other IM clients via the user's buddy list.

If you receive an Instant Message as described above, do not click on
the URL. As with email file attachments, please be cautious about
links and file attachments in any IM communications.

Please be sure you've got a fully functioning Anti-Virus program
installed and running.

Sincerely,

Sweetwater Cable TV


Tuesday, November 22, 2005

Dear Sweetwater Cable TV High Speed Access Customers,

There is a new variant of the Sober worm that is spreading quickly on
the Internet. Many of our customers have already been infected, and are
currently passing along this virus. The worm is attached to an email
message, and the virus is compressed in a .zip file. The subject of the
email can be any of the following:

- hi,_ive_a_new_mail_address
- Mail delivery failed
- Registration Confirmation
- smtp mail failed
- Spam: Registration Confirmation
- Your Password
- Your IP was logged
- Paris_Hilton_&_Nicole_Richie
- You visit illegal websites

Attachment: (any of the following)

- mailtext.zip
- mail.zip
- reg_pass.zip
- mail.zip
- reg_pass-data.zip
- question_list.zip
- list.zip
- downloadm.zip
- mail_body.zip

Our email service is protected by emScan, which has been successfully
quarantining the Sober worm. However, because of the increased
activity, we wanted to make you aware of the specific details on the
new variant. Also, please note that emScan will not protect against
viruses received through other email services such as Hotmail or Yahoo.

As always, be sure that you have up-to-date virus protection
software, and be wary of email attachments that you were not
expecting, even if you know the person who sent the email. It is highly
recommended that you verify your system is clean by running one of the
free online scanners from either Panda Anti-Virus or from Trend Micro.
Simply google either to get the link. You should always avoid opening
attachments that end in .exe, .vbs, .bat, .pif, .com and .scr, since
these are the file types that are most commonly used to spread viruses
and worms. In addition, viruses and worms like this one are often sent
as a zipped file (such as .zip) to avoid detection from some virus
scanning software.

Though we don't like to pass along direct links, due to phishing
schemes, there is more information on this email threat:

http://www.sarc.com/avcenter/venc/data/w32.sober.x@mm.html (The address
isn't a working link but you can cut & paste the address into your address bar.)


Sincerely,

Sweetwater Cable TV
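
The subject lines, attachment names and risky file extensions listed in the notice above can be turned into a simple mail check. The following is an added example, not part of the original notice or of emScan; the function names and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Indicators copied from the notice above (compared case-insensitively).
SOBER_SUBJECTS = {s.lower() for s in (
    "hi,_ive_a_new_mail_address", "Mail delivery failed",
    "Registration Confirmation", "smtp mail failed",
    "Spam: Registration Confirmation", "Your Password", "Your IP was logged",
    "Paris_Hilton_&_Nicole_Richie", "You visit illegal websites")}
SOBER_ATTACHMENTS = {
    "mailtext.zip", "mail.zip", "reg_pass.zip", "reg_pass-data.zip",
    "question_list.zip", "list.zip", "downloadm.zip", "mail_body.zip"}
RISKY_EXTENSIONS = (".exe", ".vbs", ".bat", ".pif", ".com", ".scr")

def risky_zip_members(data):
    """Names inside a zip payload ending in an extension the notice warns about."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(RISKY_EXTENSIONS)]
    except zipfile.BadZipFile:
        return []

def check_message(raw):
    """Return the reasons a raw message matches the notice; empty list = no match."""
    msg = message_from_bytes(raw)
    reasons = []
    if str(msg.get("Subject") or "").strip().lower() in SOBER_SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name in SOBER_ATTACHMENTS:
            reasons.append("attachment:" + name)
        if name.endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            reasons += ["zipped:" + m for m in risky_zip_members(payload)]
    return reasons

def build_sample(subject, filename=None, member=None):
    """Constructed test message; the zip member holds placeholder bytes only."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if filename:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"placeholder, not a program")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename=filename)
    return msg.as_bytes()
```

A subject match on its own is weak evidence, since "Mail delivery failed" is also the subject of genuine bounce messages; the attachment name and the zipped file type are the stronger signals.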

Tuesday, May 24th

Dear Sweetwater Cable TV High Speed Access customer,

With the recent outbreak of a couple of nasty viruses, we have been
getting lots of inquiries into odd messages showing up in clients' email
Inboxes. The bulk of these emails are "returned" for a recipient the
person neither knows nor sent to.

I ran across the following article, which explains what is happening
very well. Please take a moment to read it. In addition, the website,
www.komando.com, has many useful articles.

It is hoped you find information such as this useful. If so, terrific,
if not, simply delete.

Sincerely,

Sweetwater Cable TV




KILLER TIP--THE WEEKLY QUESTION SENT IN FROM PEOPLE LIKE YOU!

Q. I think my husband's e-mail has been taken over as a zombie. He has
been getting return messages saying e-mails he sent to people we have
never heard of cannot be delivered. We have Windows XP, firewall
enabled, and Windows automatic updates. We also have AVG anti-virus
software, Spybot-Search & Destroy, SpywareBlaster and Ad-aware, which I
run weekly. Please help us! I don't know what else to do. -- Susanne in
Lilburn, GA, listening on WSB 750 AM

A. Susanne, you only think you have a problem. You're armed to the
teeth, so I doubt that an intruder has compromised your computer.

In all likelihood, the problem is on someone else's machine. That
person has a Trojan that is sending out e-mails. It has picked up your
husband's address, probably from the victim's address book, and used it
as the return address.

What can you do about that? Nothing, unless you can identify the
victimized person. I'd just ride it out.

In the meantime, my hat is off to you for protecting yourself. Be sure
all of your security programs are up-to-date. Also, ZoneAlarm is better
than the Windows XP firewall. You can get it free at:
http://www.komando.com/bestshareware.asp

Susanne's concerns raise an interesting issue, though. What do you do
if your computer is a zombie? For those who don't know, zombies are
computers that have been seized by criminals. They are used in large
packs to attack Web sites in extortion plots. Or they can be used to
send huge quantities of spam. And the owner is unaware of the problem.

This is a truly horrendous problem. Security experts believe more than
a million individuals' computers are zombies. If your computer is not
protected, it could be a zombie. And you would probably never know.

The zombie programs are very sophisticated. Once on a computer, many
can turn off firewalls and anti-virus software. And they hide
themselves very well.

Life is much easier if these things don't get onto your computer. Check
Rookie Roundup above for steps you can take to protect yourself.

Theoretically, a good firewall like ZoneAlarm should stop the outbound
transmissions. But you may have given the program permission without
thinking. Or the program may have the ability to disable the firewall
and anti-virus programs. If your security programs are being shut down,
you probably have a problem.

A criminal program can be very difficult to dislodge. If your security
software is being disabled, try running the anti-virus program in Safe
Mode. To do that, reboot and press F8. You will probably have to start
the anti-virus program manually.

You could also use an online anti-virus scan. They're available at
Panda Software and Trend Micro:
http://www.pandasoftware.com/home/default.asp
http://housecall.trendmicro.com/

Again, your best bet is prevention. Check the security page on my site
to be sure you have taken every precaution.
http://komando.com/tips_show.asp?showID=8854


Tuesday, May 10, 2005

Dear Sweetwater Cable TV High Speed Access customers,

I have received numerous reports concerning infected emails appearing to come from Sweetwater Cable TV, which are being caught in the EMSPAM accounts. The bulk of the emails are either from webmaster@sweetwaterhsa.com or from accountmanager, or some other derivation. These emails are not coming from us, nor are they coming from a valid account. We are trying to locate the infected computers, but so far, they are outside our system and management.

There have been many computers throughout the country infected with the latest virus going around, and like many viruses, they get replicated and sent without the infected PC's owner knowing it. The best thing to do with the infected emails caught in EMSPAM is to simply delete them. As always, be sure to install all Critical Windows Updates, and verify your Anti-Virus program is fully updated and your PC recently scanned.

Sincerely,

Sweetwater Cable TV


September 20, 2004

Dear Sweetwater Cable High Speed Access Customer,

Due to a recent rash in spyware, worms, viruses and trojans and hacking, we are continuing the process of educating you against these threats. You have recently received emails on Spyware programs (Ad Aware and Spybot), and Anti-virus software.

Up on the scale of complexity, but just as important, is the issue of "Port Scans". Webopedia.com has a terrific definition which you should read, but in essence your computer passes data through "Ports". This is a good and necessary thing, but just as "ports" can be used for useful activities such as emails, surfing, etc., they can also be used against you, by not good people.

There are a number of sites that will let you scan your machine(s) for free, to determine if your computer is at risk of "hacking". Rather than give you the addresses (for fear of phishing), we recommend you go to your favorite search engine, like GOOGLE, and put in "port scan".

There are a bunch of sites that will let you scan your ports for free; the ones at hackerwatch.org/probe, and "shields up" at grc.com, come highly recommended.

Now, the problem with doing these things such as "port scans", is what to do with the information. That is up to you. There is a tremendous amount of information available to you on the Internet.

We cannot secure your machines from all of the bad people out there, all we can do is let you know what the threats are, and give you a place to start looking. Locally you can get information from the college, or from your local computer technician. There are many qualified folks that live in our community.

The Internet is not a safe and worry free place. Leaving your computer on all the time, with no protection, is no different than leaving your car unlocked, keys in, and engine on, while you go home and go to bed. Even if all you do is check emails and look at web pages, your computer is at risk for all that is out there on the Net.

This is not an attempt to scare you, or make you afraid of turning on your computer(s), but rather to empower you to learn how the bad guys work, and how you can keep yourself from becoming a victim.

There will be more emails to follow, we hope you find them useful. If not, simply delete them. If it is too much information, find a friend, or one of the great folks around here that can help you on a more personal way.

Sincerely, Sweetwater Cable TV


 

September 17, 2004

Dear Sweetwater Cable TV High Speed Access Customer,

There are currently a number of extremely nasty Trojan "viruses" going around on the Internet, affecting primarily Windows Operating systems.

What these programs are doing is destroying your computer's ability to "surf" the Internet, while continuing to send out large quantities of information onto the Internet, causing all kinds of problems. Unfortunately, in most cases this corruption can only be repaired by a full re-formatting of the infected computer.

There have been numerous confirmations of computers affected both in Rock Springs and Green River, with no doubt, many more to follow.

At this point, the only advice that we can give you is to:

1) Maintain your Anti-virus definitions. THIS IS CRITICAL. If you don't have an Anti-virus program, GO GET ONE, TODAY.

2) Maintain your Critical Windows Updates. This includes installing Service Pack 2 for XP systems.

3) Install either "Ad Aware SE" or "Spybot Search and Destroy" or both (both are free and can be downloaded from download.com). Run either (or both) immediately, and let them quarantine the programs they find. Run them weekly.

4) And just for verification, run an Online Virus Scanner from either Panda or Trend Micro. You can click on the link, or if you prefer, simply type the following addresses into your browser's address bar: housecall.trendmicro.com http://www.pandasoftware.com/activescan/com/activescan_principal.htm (this software will only run its free scan using Internet Explorer. Drop Panda an e-mail requesting they work on an active scan using Firefox or Mozilla browsers.)

We cannot describe in enough detail how imperative it is that you protect yourself and your computer. Remember, our responsibility ends at the modem, so if you get infected, it is your responsibility to get your machines repaired.

Sincerely,

Sweetwater Cable TV