New Virus

[Georgi]

Warning for everyone, just got this email...

A new virus is circulating worldwide via email. It is called W32.VoteA@mm
and the subject is Fwd: Peace BetweeN AmeriCa and IsLaM! The attachment is
called WTC.EXE.

If the WTC.EXE attachment on an incoming email is opened it will email
itself to all the contacts in your address book. The virus will attempt to
delete several folders from your C drive and try to format your hard drive
when you reboot your machine, thus destroying the data on your C drive.

[Mr Sleep]

Just to add to georgis comments:

This is a LOW RISK virus that spreads via email.

This worm arrives with an email message containing the following information:

Subject: Fwd eace BeTweeN AmeriCa And IsLaM !

Body: Hi
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!

Attachment: WTC.EXE

What the virus does

This virus arrives as an email attachment. Executing this attachment causes the virus to send itself to all users found in the Microsoft Outlook Address Book.

In addition, the virus will attempt to overwrite all .HTM and .HTML files on all fixed and network drives with the text:

AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn >>> ZaCkEr is So Sorry For You .

The hidden file attribute is also set on these files, so they may no longer be visible unless you have selected that viewing option.

The virus also contains instructions to delete all files in the WINDOWS directory and to display a message box containing the text:

"I promiss We WiLL Rule The World Again...By The Way,You Are Captured By ZaCker !!!"

It will attempt to reformat the C: drive when the computer is rebooted.

The main executable also attempts to delete anti-virus software from specific directories and to download a trojan from a YAHOO users site.

[Xandax]

It is incredible, in the last 4 weeks, I've been attacked 3 times by various Trojan virus' and by "I Love You" and yesteday by Nimda good thing I got both firewall and anti-virus so none got through to my computer

[ 09-25-2001: Message edited by: Xandax ]

[Mr Sleep]

Originally posted by Xandax:
<STRONG>It is incredible, in the last 4 weeks, I've been attacked 3 times by various Trojan virus' and by "I Love You" and yesteday by Nimda good thing I got both firewall and anti-virus so none got through to my computer

[ 09-25-2001: Message edited by: Xandax ]</STRONG>

Amen for firewalls

[Xandax]

Originally posted by Mr Sleep:
<STRONG>Amen for firewalls </STRONG>

Yeah - I send a silent prayer to Symantech each time it pops up and tells my that IP## has tryed to gain acces to my computer.

I've never been affected by a virus before - and now I've been attacked 5 times within a month , weird.

[Yshania]

The sick thing about this virus is the subject it is piggy backing, I mean! some people

Is this firewall worth having then as opposed to regular virus scans, I believe I have read somewhere that it can cause problems in itself...

Thanks

[Rob-hin]

I heard this thing today about how you can protect your friends (and vice versa).

If a virus sends it to all your addresses in outlook, than this will help.

Add a new address in your addressebook, name this 0000 and give it no email address.
If the virus duplicates itself thisway you will get an error and the virus had failed to send itseve.

[Happy Evil]

Rob-hin,

That is very interesting. So it will not send any of the E-mails if you have one fail???

[Rob-hin]

That's what I heard. But I haven't had a virus in ages so...

[Xandax]

As I understand it, an "email-mass-sender" virus, dosen't send itself to all the people in your adress book in one email, but in one mail to each person.
I might be mistaking, but I think most email-vira will take that into account unless it is a simple virus

But most email-vira are pretty harmless, all you need to do to avoid getting infected is not running the attaced (often *.vbs) file.
Nimda is a bit different because it get launched by just view/previewing the email (not attachment) by launching some code - but this can be prevented by updating Internet Explorer, Outlook, Outlook Express on the microsoft website.

[Yshania]

If it works, I presume it is because four zeros will be the first address in your address book...

[Nippy]

Originally posted by Xandax:
<STRONG>Yeah - I send a silent prayer to Symantech each time it pops up and tells my that IP## has tryed to gain acces to my computer.

I've never been affected by a virus before - and now I've been attacked 5 times within a month , weird.</STRONG>

Remember you installed Gamespy and got attacked using it? Maybe thats the problem...

[Yshania]

Attacked using Gamespy

[Xandax]

Originally posted by Nippy:
<STRONG>Remember you installed Gamespy and got attacked using it? Maybe thats the problem...

</STRONG>

Well I've "only" been attacked twice, wich I can "possible" track back to people that were on GameSpy. The last Trojan I don't know.
Nimda was from a website and "I Love You" were emailed.

[Shadow Sandrock]

Yuck!

I haven't gotten sent any viruses before... hope I never do...

[Xandax]

Wohooo - another attack by Nimda to night local time.

And the other moderators would have gotten that email to, so if you have not checked your emails, don't view the email from "drew72286@aol.com", don't even preview it.

[fable]

@Shadow, if you have an email address and you keep it for a while, it's almost a dead certainty that you will be sent a virus via email. (You'll probably also end up with offers for college degrees, hair replacement programs, and drugs that will turn your sexlife into that of a 24/7 rutting mink; but all that's beside the point.)

For what it's worth, I *never* open an attachment unless it's one I've known was coming. I don't open attachments from friends with generic notes, like "Here's something you'll enjoy!" I also run virus and ad scanners usually once a week--more frequently if I've recently installed several new programs. Because although the developers themselves may be reputable, mistakes have been known to happen; and where ad/spyware is concerned, they aren't mistakes, but intentional efforts to monitor your net activity.

Remember, it's only paranoia if no one is out to getcha.

[Mr Sleep]

Originally posted by Xandax:
<STRONG>Wohooo - another attack by Nimda to night local time.

And the other moderators would have gotten that email to, so if you have not checked your emails, don't view the email from "drew72286@aol.com", don't even preview it.</STRONG>

BTW one can turn off the preview pane, which is one of the major causes of worms getting into your system, you automatically open an email if you have the preview pane open. Just go to view (in outlook express ), and layout, then you should be able to turn it off

[Xandax]

Yeah - but Nimda is one of the few vira that use this "facility" and it is only possible due to the fact that some code placed in a specific string is run by Outlook and Outlook Express.
Most other email vira infects via the attached file where people are stupid enought to run thoese