The Computer Guys

Miami to Fort Lauderdale Since 1994 - Thank You!

 

 

We Build the Best & Repair the Rest! ©

 

Alerts May 2006


 

 


 

 



 

 

 

 

Top 10 malware reported to Sophos in May 2006

Position  Last month  Malware        Percentage of reports
1         1           W32/Netsky-P   16.7%
2         2           W32/Zafi-B     11.4%
3         3           W32/Nyxem-D    7.5%
4         10          W32/Mytob-AS   6.3%
5         New         W32/Mytob-P    5.3%
5         New         W32/Mytob-M    5.3%
7         4           W32/Netsky-D   3.7%
8         Re-entry    W32/MyDoom-O   3.6%
9         6           W32/Mytob-FO   2.9%
10        7           W32/Mytob-C    2.1%
Others                               35.2%

 

 

X97F/Yagnuul.gen

 

Excel virus takes aim at fantasy football fans

A new Microsoft Excel virus is targeting fantasy football league fans, luring them with an offer of worksheets to track the performance of their team.

The XF97/Yagnuul.A virus can infect users' dot-xls spreadsheets once the attachment is opened. The virus deploys an infected fantasy league file on the computer's hard drive and may also modify a user's data, according to an alert on Monday from security company Sophos.

Graham Cluley, Sophos senior technology consultant, said in a statement: "Fantasy football-like leagues have been set up in offices across the [UK], and fans often keep track of how well they are doing by using Excel spreadsheets. Every computer user needs to take great care not to fall foul of malware like the Yagnuul virus."
 


 

W32/Hoots.worm

 

Sophos discovers hooting virus

Anti-virus vendor Sophos has discovered a worm that attempts to send a photograph of an owl to attached network printers.

The W32/Hoots-A worm is written in Visual Basic, spreading via network shares. When it infects a computer it attempts to send a graphical image of an owl with the legend "O RLY?" to a number of predefined print queues.

The phrase "O RLY?" is internet slang for "Oh really?", and is often accompanied by a picture of a snowy white owl.

Graham Cluley, senior technology consultant for Sophos, said this wasn’t the work of a professional virus writer.

“Most malware authors these days encrypt their executables with packers in an attempt to make them harder to detect, this one does not. It is also written in Visual Basic, which is unusual for a virus today,” he said.

 


 

 

Exploit-OleData.gen

 

Zero-day Word flaw used in attack

A new, yet-to-be-fixed security hole in Microsoft Word exposes computer users to cyberattack, Symantec warned Friday.

Would-be intruders already have attempted to compromise PCs at a Japanese government entity by exploiting the flaw, Vincent Weafer, the senior director at Symantec Security Response, said in an interview. In response, Symantec has raised its ThreatCon to Level 2, which means an outbreak is expected.

"What we're seeing is a continuation of the targeted threat using zero-day vulnerabilities," Weafer said. (Zero-day flaws are ones for which no patch exists.) "We got it from a single large customer inside Japan. We have not seen anyone else get it."

Microsoft is readying a security update for Word that repairs this vulnerability, a company representative said in an e-mailed statement. The fix is scheduled to be released as part of the June 13 security updates, or sooner, if warranted, the representative said.


 

 

W32/Mytob-M is a mass-mailing worm and IRC backdoor Trojan.

W32/Mytob-M runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, including the ability to download and execute files on the infected computer.

W32/Mytob-M can spread by sending itself as an email attachment to email addresses it harvests from the infected computer, either as an attachment with a double-extension or as a ZIP file containing a file with a double-extension. Emails sent by the worm have the following characteristics:

Subject line:
Notice: **Last Warning**
*DETECTED* Online User Violation
Your Email Account is Suspended For Security Reasons
Account Alert
Important Notification
*WARNING* Your Email Account Will Be Closed
Security measures
Email Account Suspension
Notice of account limitation

Message body:
Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.

The original message has been included as an attachment.

We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

We attached some important information regarding your account.
 


Please read the attached document and follow it's instructions.

Attachment base name:
email-info
email-doc
information
account-details
document
INFO
instructions
info-text
information

First extension (of attachment or of file inside ZIP):
doc
htm
txt

Second extension (of attachment or of file inside ZIP):
pif
scr
exe
cmd
bat

If the attachment is a ZIP file it will have the same base name as the double-extension file inside.

Example attachment names include document.txt.pif and information.doc.cmd, usually with a large number of spaces between the extensions.
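
The attachment naming pattern described above can be checked at a mail gateway or during triage. The following is an added example, not code from Sophos or from this site: it flags a decoy extension followed by an executable one, notes whitespace padding between them, and lists ZIP member names without extracting anything. The function names and the constructed sample ZIP are assumptions made for illustration.

```python
import io
import zipfile

# Extension lists copied from the Mytob-M description above.
DECOY_EXTS = {"doc", "htm", "txt"}
EXEC_EXTS = {"pif", "scr", "exe", "cmd", "bat"}


def check_name(filename):
    """Return findings for one attachment name or ZIP member name."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem, _, second = name.rstrip().rpartition(".")
    padded = stem != stem.rstrip()  # spaces sitting before the final dot
    _, dot, first = stem.rstrip().rpartition(".")
    if not dot or second.lower() not in EXEC_EXTS or first.lower() not in DECOY_EXTS:
        return []
    return ["double-extension", "whitespace-padding"] if padded else ["double-extension"]


def scan_attachment(filename, data=b""):
    """Map each suspicious name to its findings; ZIPs are listed, never extracted."""
    hits = {}
    if check_name(filename):
        hits[filename] = check_name(filename)
    if filename.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
        zip_base = filename[:-4].lower()
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                found = check_name(member)
                if found and member.split(".", 1)[0].lower() == zip_base:
                    found.append("zip-base-matches-member")
                if found:
                    hits[member] = found
    return hits


def constructed_zip(member_name):
    """Build a harmless in-memory ZIP (constructed sample, placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not executable content")
    return buf.getvalue()


if __name__ == "__main__":
    padded = "account-details.htm" + " " * 40 + ".scr"
    for name, data in [("document.txt.pif", b""), ("notes.txt", b""),
                       ("account-details.zip", constructed_zip(padded))]:
        print(repr(name), scan_attachment(name, data))
```
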
 


 

 

Copyright © 1998 The Computer Guys
