Recent Virus Alerts!
| Listed below are the viruses that T-One has found to be circulating on the net listed by the date we first noticed them. Click on any of the links below to find out more information about them.
As always T-One.Net recommends you do not open any attachments to your e-mail and update your virus programs on a regular basis. |
| 4/8/2005 Fake Microsoft Security Updates Fake emails pretending to be from Microsoft's Security Update System are circulating. Links in the email lure unsuspecting visitors to a web site that looks like Microsoft's security update site, but instead install a Trojan Horse. For additional Information go to: http://news.com.com/Fake+Microsoft+security+updates+circulate/2100-7349-5660042.html?part=dtx&tag=ntop&tag=nl.e433 |
| 2/17/2005 Downloader.trojan Downloader.Trojan is a program that downloads another malicious program from a remote Internet site and executes it on the local system. Norton users go to: http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html |
| 2/17/2005 Trojan.ByteVerify also Exploit.ByteVerify Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system. McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100261 |
| 9/30/2004 Image Virus A virus that exploits the recently discovered JPEG vulnerability has been discovered spreading over America Online's instant-messaging program. Currently there are no links to Norton or McAfee For additional Information go to: http://news.com.com/Image+virus+spreads+via+chat/2100-7349-5390463.html?part=dtx&tag=ntop |
| 7/19/2004 W32.Beagle.AC@mm, W32.Bagle.ag@mm W32.Beagle.AC@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080. McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126795 |
| 6/15/2004 W32.Erkez.B@mm or W32/Zafi.b@MM When spreading via email, the worm will both spoof the sender's From address and send itself out in different languages depending on the top level domain of the recipient's email address. For example, if the address ends in .COM, the virus's email body will appear in English. If the address ends in .DE, the email will appear in German. McAfee users go to: http://us.mcafee.com/root/campaign.asp?cid=10563 |
| 5/4/2004 W32.Sasser.Worm The worm causes some computers to continually crash and reboot, but it does not appear to cause any permanent damage to files or machines. Infected computers then also send out the worm, looking for more victims. So far four variants of Sasser have been spotted on the internet. The latest version, Sasser.D, scans so aggressively for new computers to infect that it may cause networks to become congested with packets of data and slow down. McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125007 |
| 4/26/2004 Backdoor.Nibu.D aka Bloodhound.Exploit.6 etc Please beware of email purporting to link to CNN or BBC footage of a captured Osama bin Laden. If you follow the link and your copy of Internet Explorer isn't current on its updates and patches, you will be installing the Backdoor.Nibu.D virus. This trojan type of virus attempts to steal your passwords and banking information by capturing your keystrokes and taking screenshots of relevant windows, periodically emailing the information back to the attacker. McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101033 For additional Information go to: http://internetnews.com/ent-news/article.php/3344641 |
| 3/4/2004 W32.Beagle.A@mm or W32/Bagle.j@MM Is a variant of W32.Beagle.J@mm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. Sends the attacker the port on which the backdoor listens, as well as the IP address. Attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.
Email is spoofed to say its from one of the following @t-one.net:
McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101069 |
| 1/28/2004 W32.Novarg.A@mm (Norton) W32/Mydoom@MM (McAfee) W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor can download and execute arbitrary files. The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004 McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=mydoom&cid=9547 For additional Information go to: http://www.theage.com.au/articles/2004/01/28/1075088091365.html |
| 11/6/2003 W32.Mimail.C@mm is a variant of W32.Mimail.A@mm that spreads by email and steals information from infected computers. The email has the following characteristics: Subject: Re[2]: our private photos [random string of letters] Attachment: photos.zip Symantec Security Response has developed a removal tool to clean the infections of W32.Mimail.C@mm. McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100795 |
| 8/12/2003 W32.Blaster.Worm or W32/Lovsan.Worm A new Virus called W32/Lovsan.Worm by McAfee and W32.Blaster.Worm by Norton is spreading quickly across the Internet. The worm has been known to cause systems to continually reboot once infected. You can protect yourself from this worm by doing a Windows update which will install a patch. Depending on your version of Windows you can find the Windows Update link either by clicking on Start and locating it in the pop up window or by clicking on Start and then clicking on Programs and locating the link. We encourage all T-One subscribers to install the update immediately. You may also click on the Windows Update link in this paragraph. To read more about the worm click on either the McAfee or Norton anti virus links above. McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547 |
| 8/11/2003 We have been contacted by several of our subscribers concerning an email that is currently circulating. The email message states that your email account with T-One is about to expire. Please be assured the email IS NOT from us and we stress that you SHOULD NOT attempt to open the attachment. |
| 4/24/2003 W32.Coronex@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all the contacts in the Windows Address Book. The email has various subjects, messages, and attachments. The attachment will have a .exe file extension. McAfee users go to: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100260 |
| 1/10/2003 W32.Lirva.A@mm is a worm being spread by e-mail, IRC, ICQ, KaZaA, and other open network shares. Due to how rapidly the worm is spreading it has recently been upgraded from a Category 2 security threat to a category 3 by Symantec (Norton anti-virus). McAfee users go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99949 |
| 10/31/2002 Friend Greeting Application has not been qualified as a virus, because the user must choose to download and install a program for it to infect your computer. However, it can still have unwanted effects on your computer. For additional Information go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99760 |
| 10/4/2002 W32.Bugbear@mm is a mass-mailing worm. It can also spread through network shares. It has keystroke-logging and backdoor capabilities. The worm also attempts to terminate the processes of various antivirus and firewall programs. McAfee users go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99728 |
| 10/4/2002 W32.Opaserv.Worm is a worm that attempts to spread over network shares by copying itself to the WINDOWS directory of remotely accessible machines as SCRSVR.EXE, utilising a WIN.INI run key to load the worm at startup. McAfee users go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99729 |
| 5/13/2002 W32.Klez@mm is a virus with many variants. We recommend you go to your anti-virus programs web site and do a search for 'Klez' to read more about this rapidly circulating virus. McAfee users go to: http://vil.mcafee.com/ |
| 5/3/2002 Jdbgmgr.exe file hoax This is a hoax that, like the SULFNBK.EXE Warning hoax, tries to persuade you to delete a legitimate Windows file from your computer. The file that the hoax refers to, Jdbgmgr.exe, is a Java Debugger Manager. It is a Microsoft file that is installed when you install Windows. McAfee users go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99436 |
| 1/29/2002 W32.Myparty@mm Worm is a mass mailing e-mail worm. The worm comes as an attachment to an e-mail urually with the subject of 'new photos from my party!'. McAfee users go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99332 |
| 12/5/2001 W32.Goner.A@mm worm This worm is spreading quickly and causes more damage than other recent viruses. It can be spread through e-mail, ICQ, and mIRC. This worm arrives with an email message containing the following information: Subject: Hi Attachment: Gone.scr
McAfee users go to: http://www.mcafee.com/anti-virus/viruses/goner/default.asp?cid=2636 |
| 11/27/2001 W32.badtrans.b@mm worm has been recently re-circulating the Internet. The worm comes as an attachment to an e-mail. McAfee users go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99069& |
| 9/25/2001 W32/Vote@MM Virus This is a LOW RISK virus that spreads via email. This worm arrives with an email message containing the following information: Subject: Fwd:Peace BeTweeN AmeriCa And IsLaM ! Body: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace! Attachment: WTC.EXE
McAfee users go to: http://www.mcafee.com/anti-virus/viruses/vote/default.asp?cid=2464 |
| 9/19/2001 Nimda Virus is doing nasty NASTY things to mail servers, and clients alike.. and like w32.Sircam, it's a file attachment attack. McAfee users go to: http://www.mcafee.com/anti-virus/viruses/nimda/default.asp?cid=2444 |
| 9/10/2001 W32/Magistr.b@MM Virus has been circulating through e-mail. This virus has been given a MEDIUM RISK status. McAfee users go to: http://www.mcafee.com/anti-virus/viruses/magistr/default.asp?cid=2429 |
| 9/6/2001 W32/Apost@MM worm has been circulating through e-mail. This virus has been given a MEDIUM ON WATCH status. McAfee users go to: http://www.mcafee.com/anti-virus/viruses/apost/?cid=2422 |
| 8/6/2001 FYI T-One has discovered a suspicious looking e-mail traveling the Internet. The e-mail consists of a line of text saying someone has sent you a greeting card and gives you a web page address to click on to retrieve the card. Once at the page you are told your browser needs to be updated and gives you another link to click on to update your browser. |
| 7/25/2001 W32.Sircam.Worm@mm McAfee users go to: http://www.mcafee.com/anti-virus/viruses/sircam/default.asp?cid=2360" |