Posted on 06/17/2004 7:00:09 AM PDT by MountainPatriot
SPARTANBURG, SC (Talon News) -- A threatening new e-mail virus debuted last Friday and is quickly circulating worldwide across the Internet, affecting computers of countless numbers of individuals, government officials, and media.
In a message entitled "{Spam?} {Virus?} {Spam?} Check this out kid!!!," the e-mail simply states, "Send me back bro, when you'll be done...(if you know what i mean...) See ya, ..."
Worse yet, the attachment to this e-mail, "jennifer the wild girl xxx07.jpg.pif," is a virus that has severely infected computers internationally.
The virus, known as Worm.Zafi.B, sends as many as 100 or more e-mail messages daily with the aforementioned message delivered from various e-mail addresses.
The recipient list in the e-mails received by Talon News indicates that the e-mail virus has been sent to members of the media, such as CNN, the Washington Post, Seattle-based KIRO radio, and Talon News, as well as elected officials like House Speaker Dennis Hastert and House Minority Leader Nancy Pelosi, just to name a few.
In addition, the White House has received this e-mail virus along with governors and Congressmen in every state.
The e-mail originates from a listserve entitled cis-announce or cis-outgoing. When someone receives this e-mail virus thinking it is spam and replies to everyone on the list about it, the virus spreads even further to the entire database of e-mail addresses found in the address book of the victim of the virus.
The Department of Homeland Security and Federal Bureau of Investigation have already been notified of this virus and are currently conducting research on it.
Each time a person responds to the virus e-mail, the virus adds "{Spam?}" to the outgoing message.
The official name of this Hungarian virus is Worm.Zafi.B, also known as Erkez.b, and has been described in a statement by Graham Cluley, senior technology consultant for Sophos Anti-virus (web site), as the most "widespread e-mail worm at the moment."
VirusList.com (web site) describes in detail the various forms of the Worm.Zafi.B e-mail virus that have shown up since it first began last week.
The worm was originally written in Hungarian and has been sent in many different languages, including English, Italian, Spanish, Swedish, and Russian.
This international e-mail virus infects a computer when the attachment is opened by looking for new e-mail addresses and sending a new message out to everyone in that person's address book.
Since the e-mail virus appears to come from someone familiar with the recipient, also known as "spoofing," the likelihood of the virus spreading is even greater.
To see if a computer has been infected by this e-mail virus, Symantec (web site) recommends that a complete scan be performed.
Although there may be an e-mail alert showing the virus originating from someone's e-mail address, that does not necessarily mean that person has the virus, because the virus "spoofs" the name of the sender at random among the e-mail addresses in its database.
As for disinfecting this virus, a special utility called F-Secure has been developed to eliminate the Zafi.B worm infection and can be downloaded at their web site.
Recipients of this e-mail virus are being asked to refrain from replying to this message in any form because it only sustains the life of the virus.
Copyright © 2004 Talon News -- All rights reserved.
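An added example, not part of the article or the thread: a mail-filter check that flags attachments like the one named above, where a harmless-looking extension (.jpg) is followed by one Windows executes (.pif). The extension lists, function names and sample addresses are assumptions made for illustration, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly; .pif is the one named in the article (assumed list).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
# Extensions a user reads as "just a document or picture" (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots/spaces, and padding can hide the real extension.
    parts = [p.strip() for p in name.strip(" .").lower().split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """Parse an RFC 5322 message and list (filename, verdict) for risky attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        verdict = classify_filename(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings

def build_sample():
    """Constructed message using the subject and attachment name quoted in the article."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"   # spoofed senders look familiar
    msg["To"] = "reader@example.com"
    msg["Subject"] = "{Spam?} {Virus?} {Spam?} Check this out kid!!!"
    msg.set_content("Send me back bro, when you'll be done...")
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream",
                       filename="jennifer the wild girl xxx07.jpg.pif")
    msg.add_attachment(b"constructed placeholder", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict}: {filename}")
```

The check keys on the filename rather than the sender, since the From address on these messages is picked from a harvested address book and says nothing about who is infected.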
The bigger question is why hasn't MSFT spent $2B of their $60B stash fixing the holes in their software?
Why are we having to install virus s/w at all, why isn't it incorporated into the operating system? Maybe the people in Redmond should start innovating!
The virus sends those out. Ignore it.
My ISP also provides Postini. I signed up a few months ago when I was bombarded with the Netsky virus. It costs me a dollar a month more. Money well spent.
I'd say a dollar a month is certainly worth it (I thought I was getting a good deal, when I was saving a buck a month -- LOL!).
They should thank God that the virus makers aren't randomly wiping 64k chunks of data off their disks like one that was released a month or so ago.
Fortunately, I'm not susceptible to these attacks because I'm 100% Microsoft free at home. The email is a PITA to deal with, but my methods of dealing with spam get 95% of them.
Not most of the time. The current generation of viruses reads an address out of the infected computer's address book and selects one at random to put in the "From" block. Rarely does it pick an address from someone I know.
//We have a code number set up between us and our kids. If we're sending files to each other, we include that code in the Subject line. If we get email with attachments from our kids and that code isn't there we don't open it. Period. We write them back (a new message, not a Reply) and tell them and, if it's legit, they resend with the code in place.//
On the occasions I've had to exchange executables with clients, I've always PKZIP'ed them using the password option. While I wouldn't trust the password to be unbreakable, the odds of a virus sending a ZIP file encrypted with the right password seem pretty darned remote.
The bigger question is why hasn't MSFT spent $2B of their $60B stash fixing the holes in their software?
If true justice were served Bill Gates would serve 10 years in jail for fraud and misrepresentation.
I was just kidding, Bill.
LOL. I've yet to see a machine that required wiping. The worst case I've encountered couldn't get to the internet after all the spyware was removed. This took a bit of head scratching, but I solved it by uninstalling and reinstalling the network card.
I do this kind of work for a living and keep AdAware and Spyware Blaster on my USB keychain drive. So far they've been sufficient when used in combination.
Worst case scenario I reinstall Windows, but only in repair mode. When things are working pretty normally I run regcleaner and remove all traces of programs and registry entries that shouldn't be there. This requires little technical knowledge, since regcleaner identifies unused entries.
Just who do you think I am enabling? The person who does nothing wrong and accidentally opens up a virus? Ok. I accept that.
You, on the other hand, are making excuses for and enabling the criminal. I like my position much better.
Or better yet for FREE you can go here: http://www.grisoft.com/us/us_dwnl_free.php
and get AVG for FREE. Updates are free also.
I am not associated with the company, just a very satisfied user. Very stable and works great!
A big part of this problem has come from people who don't understand file extensions and keep them shut off in their Windows system. When Microsoft began to lower the bar on computer knowledge, things began to get easier for the malicious....
(I think everyone should be forced to start with a command line interface, and they can work up to a gui from there...)
I'm so happy to know that people writing for newspapers are as knowledgeable about computer virus infections as they are about "assault weapons!"
F-Secure is a company! F-Secure, AVG, McAfee, CA, Symantec, Kaspersky, and all the others have the fix for this.
BTW, if you don't want to be infected by something like this, DO NOT TOUCH THE ATTACHMENT!!!!
Mark
I received this e-mail three days ago at work. I right-clicked the attachment in order to access the PROPERTIES dialog (to view the full filename, it was truncated in the icon) and whammo, off it went. It exploits yet another hole in Outlook . . .
You DON'T have to open this one to set it off. It's nasty.
I'm a paranoid guy; yet it got past me.
What does 'pif' stand for?
Hey, I'm a paranoid gal-type, myself, and have had numerous helpers downloaded and updated for quite a few years. Consider yourself lucky (I guess??) BraveMan, I can't even get my Netscape mail to download and read for about a week.
That's one of the craziest things I've experienced. Although, that's just one of many things. I have ZoneAlarm and AVG installed and updated regularly. Anyone have a fix for that, please private Freepmail, so I don't miss seeing it.
I even had a difficult time today, getting to Freerepublic, using IE. The URL kept changing.
What's a gal to do?