Viruses Worms Trojans ... Oh, my!

[Guest LilBambi]

The Sober Worm is definitely out there in full swing!It goes by various Letter variants depending on your antivirus software but it is definitely out in force!I have collected just a few items about this Sober Worm on the Announcements on my FCS Newsletter site.The one called Sober-N even knocked out Norton Antivirus software on one of my client's computers before Norton could do anything about it. He is now using avast! Home Edition (free for personal, non-commercial use) on all his computers. It came in through his Outlook email. These worms are very tricky in their presentation.Can we say, social engineering?

[Corrine]

Don't tell epp_b or Temmu about these:

'Star Wars' Worm Targets AOL, Yahoo IM ServicesUPI05/25/05 10:52 AM PTWhen an IM user clicks the link in the AOL message, a malicious code is downloaded to the user's PC. The code is installed and the worm sends itself to all of the victim's contacts, the report said. In the Yahoo instant message, the link leads to a site designed to look like a real Yahoo Web site, but is in fact part of a phishing scheme to steal log-in information.

http://www.technewsworld.com/story/ZRuE7T1...-Services.xhtml

[Guest LilBambi]

Zotob.E - Already Category 3 (Symantec) and TrencMicro lists it as Medium Risk as well.Symantec's Removal Tool:http://securityresponse.symantec.com/avcen...moval.tool.htmlMight be good to have on hand just in case.If one computer gets it on a network ... the removal tool must be run on all the computers on the network.Can apparently only infect Windows 2000 (no user intervention), but can run and spread through other Windows versions.Nasty piece of work here.Rons also linked to the MS Vvirus Removal Tool which also includes Zotob.

[Guest LilBambi]

New Worm Hits The Top Of The Threat ChartsThe worm, which debuted Tuesday, is now No. 3 on F-Secure's updated virus list and accounted for more than 11% of all malicious code the company intercepted in the last 24 hours. By Gregg Keizer, TechWeb NewsJan 18, 2006 01:04 PMhttp://www.informationweek.com/news/showAr...cleID=177101528 A worm that debuted Tuesday had quickly climbed the malware chart to the number three spot by Wednesday, a Finnish security company said.With a variety of names -- F-Secure calls it VB.bi, Symantec dubs it Blackmal.e, McAfee labels it MyWife.d -- the worm, said Helsinki-based F-Secure, is a simple Visual Basic (VB) construction that arrives as an e-mail file attachment. The worm also spreads through shared folders, and when activated tries to disable a number of security programs, including those sold by Symantec, McAfee, Trend Micro, and Kaspersky Labs.One of its distinguishing features, noted the Internet Storm Center (ISC) in its alert is that "the attachment can be either an executable file or a MIME file that contains an executable file."The latter tactic is meant to conceal the payload's danger; the MIME format is rarely used by attackers. One of the last great MIME-based attacks was the Nimda worm of 2001.Blackmal.e/VB.bit/MyWife.d shoved its way into the third spot on F-Secure's updated virus list, and accounted for more than 11 percent of all malicious code the company intercepted in the last 24 hours. Only a pair of Mytob worms were more prevalent.Symantec, which tagged the worm with a "2" in its 1 through 5 threat scale, has posted a free-of-charge removal tool on its Web site that deletes all traces of the malware:http://securityresponse.symantec.com/avcen...moval.tool.html