[4c-math94] Fwd: Virus Alert: BlackWorm (MyWife.d)

bobby villanueva Wed, 01 Feb 2006 21:14:06 -0800

Title: Security Alert: Stop the malicious BlackWorm from infecting your computer

BlackWorm FAQ

Q. What is CME-24?
A. A mass emailing worm with a destructive payload.
Please see <http://cme.mitre.org/data/list.html#24>
for pointers to antivirus vendor descriptions and analyses relating to this malwar

Q. I hear about new viruses all the time--what makes this one a "big deal?"
A. This destructive virus will delete files from a number of popular programs on February 3rd, and on the 3rd day of the month thereafter.

Files which may be deleted by the malware include files ending with the extension of DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, ZIP

Another factor that potentially makes this virus particularly noteworthy is that it has seen broad distribution, with the estimated infected machines in the hundreds of thousands. <http://www.lurhq.com/blackworm-stats.html>

Another factor that potentially makes this virus noteworthy is it's self defense
 mechanism. It closes windows if the caption has any of the following strings in it. SYMANTEC, 
SCAN, KASPERSKY, VIRUS, MCAFEE, TREND MICRO, NORTON, REMOVAL, 

or FIX. So many antivirus programs, scanners etc... can not be updated or used on a system that is infected with cme-24.
                          
Q. You refer to this  virus/worm as CME-24 -- that's not what *my* antivirus vendor calls it. What  other names does CME-24 use?  
                                                                                                                                                                                                                           
A. Vendor         Malware Name

Authentium        W32/[EMAIL PROTECTED]

AntiVir           Worm/KillAV.GR

Avast!            Win32:VB-CD [Wrm]

AVG              
 Worm/Generic.FX

BitDefender       Win32.Worm.P2P.ABM

ClamAV            Worm.VB-8

Command           W32/[EMAIL PROTECTED] (exact)

Dr Web            Win32.HLLM.Generic.391

eSafe             Win32.VB.bi

eTrust-INO        Win32/Blackmal.F!Worm

eTrust-VET        Win32/Blackmal.F

Ewido             Worm.VB.bi

F-Prot            W32/[EMAIL PROTECTED] (exact)

F-Secure          Email-Worm.Win32.Nyxem.e

Fortinet          W32/Grew.A!wm

Ikarus            Email-Worm.Win32.VB.BI

Kaspersky         Email-Worm.Win32.Nyxem.e

McAfee            W32/[EMAIL PROTECTED]

Nod32             Win32/VB.NEI worm

Norman            W32/Small.KI (W32/[EMAIL PROTECTED])

Panda             W32/Tearec.A.worm  (W32/MyWife.E.Worm)

QuickHeal         I-Worm.Nyxem.e

Sophos            W32/Nyxem-D

Symantec          [EMAIL PROTECTED]

Trend Micro       WORM_GREW.A (Worm_BLUEWORM.E)

VBA32             Email-Worm.Win32.VB.b

VirusBuster       Worm.P2P.VB.CIL 

    
(source: AV-Test.org)

    


                                                                  
Q. What is CME?

A. http://cme.mitre.org/ CME provides single,  common identifiers to new virus threats to reduce public confusions during  malware outbreaks. CME is not an attempt to solve the challenges involved with  naming schemes for viruses and other forms of malware, but instead aims to  facilitate the adoption of a shared, neutral indexing capability for malware.



Q. How do people get  infected with CME-24?

A. Known methods for  infection include infected
 email attachments and network shares, however other  mechanisms are also possible.
                          
While some areas of the  world appear to be more prone toward infection

than others, it appears that  infected systems may be found in virtually

all countries.
                                          
Q. What should I do to  protect myself from getting infected with CME-24?

A. There is a number of  things you can do:  
                  
Email
 attachments can  contain viruses

If your Internet Service  Provider provides an email scanning service subscribe to it.  
Do not open attachments  without first verifying that a trusted sender intentionally sent it to you by  asking them if they sent you an attachment.
Scan email attachments  before opening them.            
Do not open emails that  claim to have naughty content. This is a common trick used by email based  viruses.
Backup your
 system!

You should be routinely  making backups of y

ZoneAlarm Security <[EMAIL PROTECTED]> wrote:

Date: Wed, 1 Feb 2006 14:48:19 -0800
From: "ZoneAlarm Security" <[EMAIL PROTECTED]>
Subject: Virus Alert: BlackWorm (MyWife.d)
To: [EMAIL PROTECTED]

Upgrade Your ZoneAlarm^Â® Today and be Protected from BlackWorm on Feb. 3

ZoneAlarmÂ® Antivirus will protect you against the BlackWorm (MyWife.d) scheduled to attack this Friday, Feb. 3, 2006

Severity: High Risk

BlackWorm is a new and potentially destructive Internet worm currently making its way around the globe. It is infecting users via e-mail and is scheduled to destroy all Microsoft Word, Excel, PowerPoint, PDF, PSD and ZIP files on Feb. 3.

If you upgrade to ZoneAlarm Antivirus before Feb. 3, it will detect and remove existing BlackWorm infections and prevent future infections.

Free ZoneAlarm Firewall will not protect you from BlackWorm. Only ZoneAlarm premium products (ZoneAlarm Antivirus, Anti-Spyware, PRO, and Internet Security Suite) will protect against the BlackWorm.

Upgrade to ZoneAlarm Antivirus for only $19.95 and save 33%

Buy now and
SAVE 33%

ZoneAlarm Firewall + Antivirus + OSFirewall

only
$19.95

BUY NOW

Â© 2006 Zone Labs, L.L.C., A Check Point Software Technologies Company, 475 Brannan Street - Suite 300, San Francisco, CA 94107 USA. All rights reserved. All trademarks of Zone Labs used herein (including but not limited to TrueVector, ZoneAlarm, Zone Labs, the Zone Labs logo, AlertAdvisor, Cooperative Enforcement, Policy Lifecycle Management, Zone Labs Integrity and Smarter Security) are trademarks or registered trademarks of Zone Labs, L.L.C. and/or Check Point Software Technologies, in the United States and other countries. All other trademarks are the property of their respective owners.

Zone Labs LLC fully supports all efforts to ensure the security, privacy, and peace of mind of everyone on the Internet. Our email offers, satisfaction surveys and security communications are sent only to registered users of our software who have expressed an interest in receiving information via email. If you no longer wish to receive emails from us please use the unsubscribe link below or write to us at: Zone Labs LLC.; Attn Unsubscribe; 475 Brannan St, Ste 300; San Francisco, CA 94107; USA. To view our privacy policy click here.

This message was sent by Zone Labs, Inc. using Responsys Interact.
Safely unsubscribe from Zone Labs, Inc. e-mail at any time.
View our permission marketing policy.

Bring words and photos together (easily) with
PhotoMail - it's free and works with your Yahoo! Mail.








Ask our other classmates to subscribe, tell them to send an email to:

[EMAIL PROTECTED] 















  





  
  
  YAHOO! GROUPS LINKS




   Visit your group "4c-math94" on the web.
 
  
 To unsubscribe from this group, send an email to:
 [EMAIL PROTECTED]
 
  
 Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.


	This message was sent by Zone Labs, Inc. using Responsys Interact. Safely unsubscribe from Zone Labs, Inc. e-mail at any time. View our permission marketing policy.

[4c-math94] Fwd: Virus Alert: BlackWorm (MyWife.d)

BlackWorm FAQ

Reply via email to