
Forum Moderators: phranque


Watch Out for New Virus

"price"

   
5:36 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



We've seen a rapid spread of a new virus that Symantec/Norton isn't stopping (yet). It may have "price" in the message body and an attachment called "price.exe". It looks like a Bagle variant, but I'm no expert.

The sender address is spoofed, so users should be cautioned to open NO attachments they aren't expecting, even from people they trust.

5:42 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



while we are on the subject ..apparently from some of the more recent call outs I have had to deal with CD trays going wiggy and "possessed" ..net bus ( client side control ) has been discovered by a new generation of kiddies ...Think BO did this as well? ...

what is the target ( apart from Doze in general of Price ..rogerd? )

5:47 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Target? I don't know, Leosghost, but I can forward one for you to open & find out... ;)

I'm guessing it's similar to the Bagle: [software.silicon.com...]

6:20 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member txbakers is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I received it in a "zip" file something like "newprice.zip" which I immediately deleted.

Nasty stuff.

6:39 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member



[isc.sans.org...]

All samples received so far arrive without subject. Attachment names are price2.zip, new__price.zip, 08_price.zip, and likely others. The text reads 'price' or 'new price'.

Nice catch Roger.
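
The indicators reported in the posts above (no subject, a body of just 'price' or 'new price', an attachment named price.exe or a price-themed zip holding an .exe) can be turned into a mail triage check. This is an added example, not part of the original thread; the function names, the regular expressions and the sample messages are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators reported in the thread: no subject, body of just "price" or
# "new price", attachment price.exe or a *price*.zip variant.
BODY_RE = re.compile(r"^\s*(new\s+)?price\s*$", re.IGNORECASE)
NAME_RE = re.compile(r"price\d*\.(zip|exe)$", re.IGNORECASE)

def zip_has_exe(data: bytes) -> bool:
    """True if the bytes are a readable zip archive listing a .exe member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # truncated or not a zip: no verdict from this check

def triage(raw: bytes) -> list:
    """Return the indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("empty-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_RE.match(body.get_content()):
        hits.append("price-body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if NAME_RE.search(name):
            hits.append("attachment-name:" + name)
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") and zip_has_exe(data):
            hits.append("zip-contains-exe")
    return hits

def build_sample(subject, body, filename, member):
    """Constructed test message; the zip member holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a program")
    m = EmailMessage()
    if subject:
        m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()
```

Each indicator is weak on its own, so a filter built on this would quarantine on a combination of hits rather than on any single one.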

7:31 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member



More info from SANS:

The virus installs itself as C:\WINDOWS\System32\WINdirect.exe and runs from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win_upd2.exe

8:18 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Still not much out there, but eWeek is reporting that some users are being inundated by the worm: [eweek.com...]

McAfee now calls it a medium threat, but it doesn't seem to be on the radar at Symantec yet.

8:49 pm on Aug 9, 2004 (gmt 0)

10+ Year Member



My McAfee updated itself about 5 minutes ago with a definition of it.

8:55 pm on Aug 9, 2004 (gmt 0)

10+ Year Member



Received several dozen this afternoon, it's certainly taking off.

8:58 pm on Aug 9, 2004 (gmt 0)

10+ Year Member



Yeah this one is going fast - received about 50 in the last few hours. This one's going for a real minimalist look to it...

9:02 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



According to Full Disclosure, this is another Bagle variant, so expect updated defs from all vendors in a few hours.

<edit>
In fact, defs are out:

[sophos.com...]
</edit>

9:04 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Edited because we just said the same thing! (Beat me to it...)
:)

9:28 pm on Aug 9, 2004 (gmt 0)

10+ Year Member



Our EMail Virus Scanner has blocked every instance, “We are quite safe from their pathetic insignificant virus rebellion.”

9:49 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



AVG has a critical update for it too. Thanks for the heads-up.

10:12 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I've received it all day, with the attachment price.zip

10:14 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Youp. Had several of them in my mail today, now in my paperbasket.

Oh, these viruses nowadays suck. I remember the first virus I ever had on my PC, it seems like decades ago. It was called the Stoned Virus. And every time the PC started it said something like: "Your PC is now stoned. Legalize Marijuana!"

At least it had some message... Ah the good old times...

10:31 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ha! just found it on Symantec. (Stoned Virus)

[securityresponse.symantec.com...]

They still have it there. 1987... O god I'm getting old.

(Sorry for getting a little off topic...)

10:34 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member eliteweb is a WebmasterWorld Top Contributor of All Time 10+ Year Member



lol our clients are loven this one.

10:48 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Had one too, when are the big AV's catching up? Hope tonight.

11:19 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Haven't received it either at home or at work - at work is a real surprise considering....

11:36 pm on Aug 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So, is it just me, or do you think that this could be targeted at affiliates?

The reason I ask is because my affiliate email address that I use to communicate with merchants is getting hammered by this, some looking like it came from the merchant, and, hmmm.. price.exe or variation would be something that an affiliate might want to open. Then again, it could be just strange luck that only the affiliate address has been hit.

12:01 am on Aug 10, 2004 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I don't think there's any affiliate spin on this, hannymyluv. The earliest copies I saw came via a political organization, and then I began seeing them from other random sources. Kind of the luck o' the address book.

12:19 am on Aug 10, 2004 (gmt 0)

10+ Year Member



I got this email and opened the folder... but I didn't touch the exe file... hopefully that didn't do anything to my computer.

6:53 am on Aug 10, 2004 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Norton has a new LiveUpdate virus definitions file dated today. It's getting to be a pretty large file.
 
