Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Mar 20, 2004 6:07 am

NEW VIRUS ALERT - CRITICAL!
 
OK, we just got hit by this new email virus today at ZuggSoft and it totally hosed Chiara's computer. This is a NASTY virus that can infect your system WITHOUT OPENING AN ATTACHMENT! Simply viewing the email message will infect your system unless you are up-to-date on all of your security updates. My system was up to date, but Chiara's was not. When deleting some of the spam messages received for the day that got through our filter, she apparently previewed one of these messages, which then totally corrupted her computer. We are doing a Windows reinstall right now.

So, PLEASE run your Windows Update function right NOW and make sure you have installed all of the mandatory security updates for your version of Windows. Trust me, you don't want to get hit with this one.

For more information on this virus, which is called "Bagle", go to www.fsecure.com.
nexela
Wizard


Joined: 15 Jan 2002
Posts: 1644
Location: USA

Posted: Sat Mar 20, 2004 6:26 pm
 
Viruses like that make me happy I have a startup monitor
quote:

StartupMonitor is a small utility that runs transparently (it doesn't even use a tray icon) and notifies you when any program registers itself to run at system startup. It prevents those utterly useless tray applications from registering themselves behind your back, and it acts as a security tool against trojans like BackOrifice or Netbus.



http://www.mlin.net/StartupMonitor.shtml

It's a simple tiny program that runs in the background and notifies you when someone/something/some install tries to add something to your startup folder or registry/run keys
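The check nexela describes, as an added PowerShell example that is not part of the original posts and not StartupMonitor's own code: it records the Run/RunOnce registry values and Startup folder contents as a baseline and reports anything new on later runs. The baseline file path is an assumption.

```powershell
# Added example, not StartupMonitor's code: compare autostart entries to a baseline.
# Assumption: the baseline path below; use a location only administrators can write.
$BaselinePath = Join-Path $env:ProgramData 'autostart-baseline.json'

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

function Get-AutostartEntry {
    # Emit one object per value under each Run/RunOnce key.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Target = [string]$item.GetValue($name) }
        }
    }
    # Emit one object per file in each Startup folder (hidden files included).
    foreach ($dir in $StartupDirs) {
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        foreach ($file in Get-ChildItem -Path $dir -File -Force) {
            [pscustomobject]@{ Location = $dir; Name = $file.Name; Target = $file.FullName }
        }
    }
}

$current = @(Get-AutostartEntry)
if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record what is registered now as the known-good set.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written with $($current.Count) entries."
} else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $known = foreach ($b in $baseline) { "$($b.Location)|$($b.Name)|$($b.Target)" }
    # An entry is new if its location, name, or target differs from the baseline.
    $new = $current | Where-Object { "$($_.Location)|$($_.Name)|$($_.Target)" -notin $known }
    if ($new) { $new | Format-List } else { Write-Output 'No new autostart entries.' }
}
```

This runs on demand or from a scheduled task; it reports changes after the fact rather than intercepting the write as it happens.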
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Mar 20, 2004 7:08 pm
 
In this case I don't think even a startup monitor will help. Check the application list on the FSecure site and see if it is listed. The first thing this virus does when it gets on your system is shut down any processes that can be used against it. It shuts down your virus checking software and also removes any tools on your system for determining what is happening.

It disabled Ctrl-Alt-Del so I couldn't run the Task Manager to see what was running, and it deleted the MSCONFIG.EXE program so I couldn't examine the RunOnce keys in the Registry. It even prevents you from running RegEdit to look at the keys manually. It's the nastiest thing I have seen.

So, just a suggestion, but don't fool yourself into thinking you are safe. Because this is an exploit in Internet Explorer, even people reading web-based mail like HotMail could potentially be affected.

The *only* way to be safer is to be sure you have installed all of the Critical Updates from the Windows Update site at Microsoft. This doesn't help against new holes that are found, but this particular hole was a couple of months old and if I had installed the specific patch for it, we would have been safe. But there is no indication in the description of the patch how severe the potential hole is. In my book, being able to infect a system by simply reading a message or web page is pretty serious and should have gotten more attention.

Our systems are behind a firewall, run BlackIce to detect threats, have updated (within a few weeks) virus protection, and we never open email attachments. Even with that we got hit.
Dru
Newbie


Joined: 12 Jun 2002
Posts: 1
Location: USA

Posted: Mon Mar 22, 2004 8:03 am
 
I've got no reason to doubt ya, Zugg, but something in your post makes me inquire;

[Zugg]: she apparently previewed one of these messages

I'm not familiar with all e-mail clients, but this sounds like a wonderful Outlook 'feature', which has been the source of infection for 99% or more of all e-mail based virus issues. People just need to move away from the Microsoft default tools, and this kind of stuff will be avoided.

Now, if it wasn't an MS prog, I'd be curious to know what you're using, and how such a thing happened.
sutex
Newbie


Joined: 09 Mar 2004
Posts: 5
Location: Australia

Posted: Mon Mar 22, 2004 8:06 am
 
Run Opera with a proxy, and run your OS on the D drive, not the default. After all, the virus is looking for c:\windows !!
Eyeless
Wanderer


Joined: 02 Dec 2001
Posts: 80
Location: Canada

Posted: Mon Mar 22, 2004 12:08 pm
 
For the simple-minded users out there (like me) I think there is a reason some updates make it into the critical updates section. If MS deems it "critical" ... I install it. But then again I must admit, 99% of the time I just update without even bothering to check what I'm installing (so maybe I'm a bad example)

But hey I even avoided getting MSBlaster until I got my new computer and went online to get my AV software and SP1...
<Ravages his fast connection with kisses for saving him many headaches>
wexx
Newbie


Joined: 23 Mar 2004
Posts: 1
Location: USA

Posted: Tue Mar 23, 2004 11:17 am
 
Info is at:

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

read it - live it - love it.

Wexx the Wizard
All times are GMT

© 2009 Zugg Software. Hosted by Wolfpaw.net