The Computer Guys

Miami to Fort Lauderdale Since 1994 - Thank You!

 

 

We Build the Best & Repair the Rest! ©

 

Alerts December 2004


Top 10 malware reported to Sophos in December 2004

Position  Last month  Malware         Percentage of reports
1         New         W32/Zafi-D      36.8%
2         2           W32/Sober-I     20.7%
3         1           W32/Netsky-P    15.5%
4         3           W32/Zafi-B      8.6%
5         5           W32/Netsky-D    2.8%
6         6           W32/Netsky-Z    2.5%
7         7           W32/Bagle-AA    2.0%
8         8           W32/Netsky-B    1.7%
9         New         W32/Netsky-AD   1.2%
10        9           W32/MyDoom-O    1.0%
Others                                7.2%

 

 

Read About It

 

Information about W32/Atak.i@MM is located on VIL at:

<http://vil.nai.com/vil/content/v_130381.htm>

 

Antivirus companies have spotted another mass-mailing Christmas card virus spreading around the Internet.

 

According to antivirus company F-Secure on Thursday, reports are rolling in of Atak.H, which poses as a Christmas e-card.

 

"There are different levels of risk with these email Christmas cards," said Mikko Hypponen, director of antivirus research for F-Secure. "It's very similar to past ones we've seen. There's little risk in sending Christmas cards, but there is in opening them. We recommend people to send old-school Christmas cards because there's no security risk in that."

 

The virus, which is similar to the Zafi worm currently causing havoc on the Internet, spreads to all the addresses in the contacts book of email clients.

 

But unlike the multilingual Zafi, Atak only sends itself in English.

 


 

Read About It

 

Information about PERL/Santy.worm is located on VIL at: http://vil.nai.com/vil/content/v_130471.htm

 

Net worm using Google to spread

A Web worm that identifies potential victims by searching Google is spreading among online bulletin boards using a vulnerable version of the program phpBB, security professionals said on Tuesday.

 

The Santy worm uses a flaw in the widely used community forum software known as the PHP Bulletin Board (phpBB) to spread, according to updated analyses. The worm searches Google for sites using a vulnerable version of the software, antivirus firm Kaspersky said in a statement.

 

Almost 40,000 sites may have already been infected. Using Microsoft's search engine to scan for the phrase "NeverEverNoSanity"--part of the defacement text that the Santy worm uses to replace files on infected Web sites--returns nearly 39,000 hits.

 


 

 

W32/Zafi-D is a mass mailing worm and peer-to-peer worm.
 

W32/Zafi-D copies itself to the Windows system folder with the filename Norton Update.exe.
 

W32/Zafi-D creates a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. Some of these are exact or zipped copies of the worm, detected as W32/Zafi-D, while others are log files created by the worm.
 

W32/Zafi-D harvests email addresses from the Windows Address Book and from files found on the hard drive.
 

W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe.
 

W32/Zafi-D displays a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".
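
The file names in the W32/Zafi-D description above can be turned into a quick triage check over a file listing. The following is an added example, not code from Sophos or from this site; the default system folder path, the reading of "8 random characters" as letters and digits, and the sample listing are assumptions.

```python
import re
from pathlib import PureWindowsPath

# File names and folder hints taken from the W32/Zafi-D description above.
SYSTEM_COPY = "norton update.exe"
SHARE_COPIES = {"icq 2005a new!.exe", "winamp 5.7 new!.exe"}
SHARE_HINTS = ("share", "upload", "music")
# Assumption: "8 random characters" means eight letters or digits.
EIGHT_CHAR_DLL = re.compile(r"[a-z0-9]{8}\.dll")
# Assumed default; pass the real Windows system folder of the machine.
DEFAULT_SYSTEM_DIR = r"C:\WINDOWS\system32"

def classify(path, system_dir=DEFAULT_SYSTEM_DIR):
    """Return (confidence, reason) for one file path, or None if no match."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    # PureWindowsPath compares case-insensitively, as Windows does.
    in_system = p.parent == PureWindowsPath(system_dir)
    if in_system and name == SYSTEM_COPY:
        return ("high", "worm copy name in the system folder")
    if name in SHARE_COPIES and any(h in p.parent.name.lower() for h in SHARE_HINTS):
        return ("high", "worm copy name in a share/upload/music folder")
    if in_system and EIGHT_CHAR_DLL.fullmatch(name):
        # Weak signal: legitimate DLLs such as kernel32.dll also fit, so
        # these need an antivirus scan before any action is taken.
        return ("review", "8-character DLL name in the system folder")
    return None

def scan(paths, system_dir=DEFAULT_SYSTEM_DIR):
    """Return {path: (confidence, reason)} for every path that matches."""
    results = ((p, classify(p, system_dir)) for p in paths)
    return {p: r for p, r in results if r}

# Constructed sample listing, not taken from a real machine.
SAMPLE = [
    r"C:\WINDOWS\system32\Norton Update.exe",
    r"C:\WINDOWS\system32\qkzpwmxa.dll",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\user32.dll",
    r"D:\My Shared Folder\winamp 5.7 new!.exe",
    r"D:\Music\ICQ 2005a new!.exe",
]

if __name__ == "__main__":
    for path, (confidence, reason) in scan(SAMPLE).items():
        print(f"{confidence:6} {path}  ({reason})")
```

The "review" tier exists because an 8-character DLL name alone does not distinguish the worm's files from normal system libraries; only the two "high" rules use names specific to the description.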

 


A typical message sent by the W32/Zafi-D worm

 

 


Copyright © 1998 The Computer Guys
