It's imperative everyone updates their AV software NOW, and again even if you updated it a few hours ago. There is a new Trojan out as of 14 hours ago (when it was first discovered) called JUNKSURF. As of this email writing only EIGHTEEN computers were infected WORLDWIDE, mine being one of them! 15 infections in the USA. Apparently I was among the first couple or so to get it.

24 hours ago I got some emails with no links in the message body:

----- Original Message -----
From: Wiley Mccauley [EMAIL PROTECTED]
To:
Sent: Wednesday, September 03, 2003 3:19 AM
Subject: Hello

Hello,

How have you been lately? Our familys been fine, not a lot happening over here! What are you doing this weekend?

Luv,
Your Pal!
================

I got more again overnight. I was suspicious of them because when I clicked on them I got an Active X warning that said something like my settings "won't allow Active X to be run on this email". They are in HTML format and I looked at the code and found an embedded object tag with this URL:

http://%363.2%346.%3130.2%30%31%2F%63g%69%2D%62i%6E%2Fa%2E%63%67%69

which is

http://63.246.130.201/cgi-bin/a.cgi

(The URLs have since been terminated by the hosts.)

I removed the object tag so I could report the emails as SPAM to the webhosts and ISP and so they'd be able to see the emails. A visit to the URL opened the download dialog box and I downloaded the file. It was scanned automatically during download and scanned manually afterwards and it showed clean. (This evidently is not the malicious code since it still showed clean a few minutes ago, however I opened it again in Notepad and this time it was blank! Probably cleaned I guess by the new updates.) When I first opened the file in Notepad I saw the URL www.malware.com and the code looked like a vi*us of some kind. (*That website appears to be a criminal cyberterrorist site and it's of no surprise they are in South America or Ma-lay-sia.)

I found out minutes ago that I got infected just by previewing the emails, just by clicking on them in OE. I just did it again and this time the Trojan was stopped by my AV software because I just updated it again a few minutes ago. I updated my AV software less than 24 hours before this! This shows you that not even updating once a day is enough! Also not even the strictest of security settings can protect you. Fortunately this is not a bad Trojan, it's not destructive.

There is absolutely no way of being protected against this thing if you use OE or Outlook, other than the up-to-the-second vir*s definitions. I still have an infected file in "Recycler" on my "storage" partition that I can't delete!

FYI:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_JUNKSURF.A&VSect=T
http://securityresponse.symantec.com/avcenter/venc/data/download.aduent.trojan.html

*Target: www.malware.com
IP Address 216.251.32.98
hosting.megawebservers.com

Network Data
OrgName: InternetNamesForBusiness.com
OrgID: INFB
Address: 500 East Broward Boulevard
Address: Suite 1700
City: Fort Lauderdale
StateProv: FL
PostalCode: 33394
Country: US
NameServer: NS1.MEGANAMESERVERS.COM
TechName: InternetNamesForBusiness.com
TechPhone: +1-954-463-3080
TechEmail: [EMAIL PROTECTED]

>>>Registrant Data
Domain name: MALWARE.COM
Malware Group
1 Iceberg Lane
11th Quadrant, Chile MAL 001
AQ

Administrative Contact:
Ware, Mal [EMAIL PROTECTED]
1 Iceberg Lane
11th Quadrant, Chile MAL 001
AQ
0 89900 Fax: 0 89900

Technical Contact:
Admin, Network [EMAIL PROTECTED]
5415 Dundas Street West
SUITE 207
Toronto, Ontario M9B 1B5
CA
(416) 233-7150 Fax: (416) 233-6970

-Clint

God Bless Us All
Clint Hamilton, Owner
Want to exchange links with us? http://OrpheusComputing.com
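
The percent-encoded URL quoted in the message above hides a bare IP address behind escapes in the host part. As an added example (not part of the original post), this Python sketch collects URLs from an HTML mail body and flags that kind of host obfuscation for a mail filter or triage script; the `data` attribute and the surrounding markup in the sample are assumptions, since the post quotes only the URL.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

URL_ATTRS = {"data", "codebase", "src", "href"}  # attributes that can carry a URL

class UrlCollector(HTMLParser):
    """Collect (tag, url) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, value.strip()))

def analyse_url(raw):
    """Return (decoded_url, reasons) for one URL taken from a message."""
    reasons = []
    # With the slashes escaped as %2F, the whole string parses as the host part.
    if "%" in urlsplit(raw).netloc:
        reasons.append("percent-escapes in host part")
    decoded = unquote(raw)  # a single decoding pass
    host = urlsplit(decoded).hostname or ""
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass  # an ordinary DNS name
    return decoded, reasons

def scan_html(body):
    """List every URL in the body that trips at least one check."""
    collector = UrlCollector()
    collector.feed(body)
    findings = []
    for tag, raw in collector.urls:
        decoded, reasons = analyse_url(raw)
        if reasons:
            findings.append({"tag": tag, "url": decoded, "reasons": reasons})
    return findings

# Constructed sample body: only the URL itself comes from the message above.
SAMPLE = ('<html><body>Hello,<object data="http://%363.2%346.%3130.2%30%31'
          '%2F%63g%69%2D%62i%6E%2Fa%2E%63%67%69"></object>'
          '<a href="http://example.com/page">link</a></body></html>')

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```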