New Virus Doing the Rounds
#1
I know it's the wrong place but we had a new virus hit us at work today.
It came as an attachment and was called
SEXOWAN.JPG.VBS
and also
GELOAN.GIF.VBS
However it can come across with any name as it renames itself.
About 60 people ( myself included ) made the mistake of opening the file instead of saving to disk.
The virus then proceeded to
1. Modify the registry ( Needed admin privileges so in NT this did not work ) although it would in Windows 98, 2000 and Me. It attempted to add startup programs in the startup menu and default pages to IE.
2. Propagate itself to every .vbs file on every Network drive attached to my machine.
3. E-mail itself out to people in our Global Address list.
One good point was that any machine with anti virus software spotted it and set off alerts. Some quick thinking by our security people stopped it before it took hold.
I have now changed my file associations for vbs ( Visual Basic Script ) files and Java Script files and changed the default option from Open to Edit.
So basically our Exchange server was out of action for most of the day.
The blurb in the virus appears to point to somebody in Colombia and refers to a notorious website for hackers.
This is a warning please heed it !!
#2
DOH!
Don't open a vbscript file!
I thought the latest patches for OutlookExpress (prolly not relevant at work) and Exchange stopped this?
I'm surprised it worked under Win2k. Have you got file/logon security enabled?
#3
Oops.
1st rule of e-mail security. Don't open strange attachments.
2nd rule - see rule 1.
If you aren't running a virus scanner or some form of basic attachment filtering on your Exchange Server, then (IMO) you are asking for trouble.
We use NAI GroupShield 4.5 SP1 on Exchange Server and block all VBS, WSH and other script type attachments (regardless of whether they are a virus or not), along with a few other file types. If the file is actually valid, it can be retrieved from the Q'Tine folder quickly and easily.
If you are really paranoid, look at MimeSweeper or GFI Mail Essentials.
Chris.
#4
Another rule: Why would you try and open a file that had both JPG and VBS extensions, or any attachment with vbs extension for that matter????
This is obviously a mutation of the LOVEBUG virus (for which I have the full source code somehow - got it at work and managed to save it as a .txt file )
Thanks for the info anyway Neil
#5
Dream Weaver,
The problem is that people with the "Hide File Extensions for known file types" setting could _inadvertently_ click on a bad file.
Even worse is the fact that Windows hides a few dangerous file types by default!! Thus you should NEVER (double)click on a file in an e-mail.
mb
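Added example, not part of the original thread: the attachment filtering described in post #3, written in Python, also flagging the decoy double extensions (`.JPG.VBS`) discussed in posts #4 and #5. The blocklist beyond VBS and WSH, the decoy list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Script extensions to quarantine. The thread names VBS and WSH; the rest of
# this set is an assumed blocklist for the example.
BLOCKED = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".wsf"}
# Harmless-looking extensions used as a decoy in front of the real one (assumed list).
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}


def extensions(filename):
    """Return every dot-suffix of a filename, lower-cased, in order."""
    name = filename.strip().rstrip(". ").lower()  # Windows drops trailing dots/spaces
    return ["." + part for part in name.split(".")[1:]]


def classify(filename):
    """Decide on the LAST extension, which is what the OS acts on when the file is opened."""
    exts = extensions(filename)
    if not exts or exts[-1] not in BLOCKED:
        return "allow"
    if any(e in DECOY for e in exts[:-1]):
        return "quarantine: script with decoy extension"
    return "quarantine: script attachment"


def scan_message(raw_bytes):
    """Return (filename, verdict) for each attachment of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [(p.get_filename() or "", classify(p.get_filename() or ""))
            for p in msg.iter_attachments()]


def build_sample():
    """Constructed sample message; attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("SEXOWAN.JPG.VBS", "holiday.jpg", "report.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{name}: {verdict}")
```

The verdict depends only on the final extension, so the filter gives the same answer whether or not the recipient's desktop hides known file extensions.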
#6
Thanks for the advice guys.
I was actually trying to select 'Save' file but missed.
Now set all defaults to edit file instead of open for VB Script and Java Script.
Our virus detection software on the Exchange server picked it up and we avoided ( to some extent ) a really serious problem.
We are on 95 and NT.
The post was just a warning to you all, to avoid any further embarrassments.