Two level 3 virus/worms in two days [Netsky.B]

Symantec Security Response website ^ | 2/18/2004

[FourPeas]

The email has the following characteristics:

From: (Spoofed)

Subject: (One of the following)

hi
hello
read it immediately
something for you
warning
information
stolen
fake
unknown

Message: (One of the following)

anything ok?
what does it mean?
ok
i'm waiting
read the details.
here is the document.
read it immediately!
my hero
[here
is that true?
is that your name?
is that your account?
i wait for a reply!
is that from you?
you are a bad writer
I have your password!
something about you!
kill the writer of this document!
i hope it is not true!
your name is wrong
i found this document about you
yes, really?
that is bad
here it is
see you
greetings
stuff about you?
something is going wrong!
information about you
about me
from the chatter
here, the serials
here, the introduction
here, the cheats
that's funny
do you?
reply
take it easy
why?
thats wrong
misc
you earn money
you feel the same
you try to steal
you are bad
something is going wrong
something is fool

Attachment Name: (One of the following)

document
msg
doc
talk
message
creditcard
details
attachment
me
stuff
posting
textfile
concert
information
note
bill
swimmingpool
product
topseller
ps
shower
aboutyou
nomoney
found
story
mails
website
friend
jokes
location
final
release
dinner
ranking
object
mail2
part2
disco
party
misc

Attachment Extension 1: (May include one of the following)

.txt
.rtf
.doc
.htm

Attachment Extension 2: (One of the following)

.exe
.scr
.com
.pif

[FourPeas]

Gotta love it when they come in bunches.

[Teacher317]

Nope. Don't love it one bit.

Vote Death penalty for virus-creators!

I'm half-kidding... I think...

[eyespysomething]

We barely got our mail server blocked before these started pouring in.

[FourPeas]

Mr. FourPeas works in IT Security. A level three (or four) often means he won't be home tonight. It also means his "super-high priority" project that MUST be finished by this Friday is going to slip because he has to spend time distributing new virus definitions, so he probably won't be home tomorrow night or the night after that, either. Ugh.

Gotta love it when they come in bunches.

[EggsAckley]

How do you block a mail server?

I use earthlink, btw.

[AppyPappy]

At least one of them removes other viruses,

[eyespysomething]

This was at work and the network guy did it. Sorry I wasn't clear.

If you use an internet based email it usually does a good job of blocking the viruses. We don't use Outlook Express at home, we check all our email over the internet.

Of course there are drawbacks, such as file size causes attachments to sometimes be discarded as being too big or suspect, but I have a secondary account I can use if needed.

[EggsAckley]

Earthlink has "spamblocker" which offers a list of suspected spam. Most of it IS spam and is easily deleted. On a rare occasion there is a legitimate email which I can safely retrieve.

I don't open ANY attachments anymore.

[lelio]

Gotta love it when they come in bunches.

Since I use qmail at home I've made up a lot of "dash extension" email addresses. So I have "lelio" for normal email, "lelio-dns" for DNS related issues, "lelio-qmail" for the qmail mailing list, etc.

What kills me is when I get 3 spams to all three addresses at the same time. Its obvious that they have a list of email addresses from mailing lists and just did an alphabetical sort on them.

I'm amazed that an "intellegent spammer" (is there one?) hasn't written up a program to narrow cast spam to people based on where they get the email address from. Granted a lot of spammers just buy the email address with no context and a lot of it is for penis extenders -- which I doubt there's a fan club site about.

[FourPeas]

I forgot about the Welchia version that made it to level three. Make that three level three virus/worms in the past two days.

[eyespysomething]

I call and ask people if they meant to send me an attachment usually.

I was very happy with earthlink when I used to use it. We use our cable company now for cable DSL.

[FourPeas]

Ooops. My mistake. Welchia.B went level three on the 13th IIRC, not in the past two days.

[night reader]

Vote Death penalty for virus-creators!

I'd be in favor of making them subject to civil liabilities. I can see them as defendants in a class action suit where the plaintiff is every one attacked by their worm or virus!

[FourPeas]

Now at Level 4. It's going to be a long night.

[JimVT]

I just got whacked today.

Finally got around it for a NAV fix.

Hackers should euneched w/o anesthesia!

[Johnny Gage]

I set up Outlook to take all incoming mail with attachments and put them into a separate folder.

Then, I can turn off the "preview pane" and check the properties of said email, and determine "friend/foe" without without even viewing them.

[bwteim]

It's been said before, but also turn OFF any settings that

allow for Network Access when displaying complex HTML

[N3WBI3]

This is not hackers..