New Virus - "your_details.zip" - Webmaster General forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

New Virus - "your_details.zip"

Is this a new virus?

iJeep

6:09 pm on Jun 27, 2003 (gmt 0)

Over the past week I have been getting hammered with e-mails with a subject like "Re: Movie" and a body that reads "Please see attached zip file for details."

The attachment is called "your_details.zip".

I haven't tried to open it, but a guy e-mailed me asking how to open the file I e-mailed him. I explained that it sounds like a virus that automatically sends itself using the from addresses from the an address book.

I have NAV 2003 with an up to date database. Why doesn't it pick up this virus? What is this virus?

oilman

6:13 pm on Jun 27, 2003 (gmt 0)

here ya go: [securityresponse.symantec.com...]

Birdman

6:15 pm on Jun 27, 2003 (gmt 0)

That's funny, I just got one five minutes ago! The subject was RE: Application, but the attachment was 'your_details.zip'.

Apparently it is a Sobig worm variant [reviews.cnet.com].

Too quick for me, Oilman!

Imagicor

6:19 pm on Jun 27, 2003 (gmt 0)

I believe this is a fairly new worm making the rounds.

W32/Sobig.e@MM

According to one of the major anti-virus sites the user must open the zip to cause damage and propogate the virus.

The worm uses its own SMTP engine to forward messages to contacts on the users machine.

oilman

6:19 pm on Jun 27, 2003 (gmt 0)

>>Too quick for me, Oilman!

I just happened to have the info handy - I've been getting absolutely pounded by this one. :)

peewhy

6:23 pm on Jun 27, 2003 (gmt 0)

ijeep, your virus protection is only as good as the updates, the updates are only as good as how up-to-date they really are.

You, your virus protection and the whole of cyber space can be right up to the second... then some @%*^ creates a virus.

....conspiracy theory time, does a virus protection software developer create viruses just to sell software and updates? .....hmmmmm

RBuzz

6:57 pm on Jun 27, 2003 (gmt 0)

Um, Sobig spoofs addresses so it's entirely possible that iJeep didn't send it at all...

oilman, I know what you mean. This one isn't as bad as Klez but it's pretty flippin' bad.

iJeep

7:00 pm on Jun 27, 2003 (gmt 0)

I agree with the up to date stuff.

I have been getting this one all week. Yet Norton says it was discovered on 6/25 and fixed 6/26 (yesterday).

When there is a virus that is as active as this one is I update a few times per day, amazingly there is almost always some definitions needing updating.

Conspiracy? Maybe. I think it is more likely the credit card companies are a conspiracy, but that is a whole nother forum.

peewhy

8:09 am on Jun 28, 2003 (gmt 0)

The real nightmare is not only how up to date are the updates but how active is the virus creator in creating variants?

JonB

8:36 am on Jun 28, 2003 (gmt 0)

getting them everyday . subject :Re:movies

peewhy

8:44 am on Jun 28, 2003 (gmt 0)

yep, last week it was from Microsoft, this week it's your_details, next week it will .. whatever. Millions still fall victim.

mikejson

2:33 pm on Jun 30, 2003 (gmt 0)

Update on this subject. My NAV actually caught these virus emails. I just updated a few days ago, and yesterday I got 2(probably from friends that didn't have protection... suckers). Both were the same type of virus, I didn't get to see the header info(and was too lazy to look it up) but they were both the virus you guys mentioned above ...e@komm or somethin like that. BUT I also have a few hotmail accounts that I use and McAfee(what hotmail uses as vs) did not catch these emails(got 1 in each of my hotmail accounts). So if your using hotmail out there, be aware.

Similarly, my friend has the home version of McAfee, and he had the same problem. The auto update was on 24/7 and his mother(should never let her on the comp anyway) got an email thought she was safe from the antivirus software, and bam... 20 secs later I got an email with a virus attached.

Something could be said about comparing the 2 top Anti-Virus software :O...but I won't say it :P