- Yet another Mass e-mail worm TM - Gibe-F/Swen-A - E-mail from Microsoft
- Posted by Lord Shaolin on September 19th, 2003
Nice Icon
Nice GUI
Asks you to fill in all your mail-server details, pretty nifty piece of
code.
More info here:
http://www.security-forums.com/forum...pic.php?t=8447
--
Get your Geek Goodies!
http://shop.security-forums.com
..: http://www.security-forums.com :.
Share your knowledge
It's a way to achieve
Immortality.
- Posted by Moonlit on September 19th, 2003
Yes,
Got one too. Looks almost genuine (except for the fact Microsoft never sends
out patches). I wonder what the 'patch' does?
Regards, Ron AF Greve
"Lord Shaolin" <abuse@127.0.0.1> wrote in message
news:q1uab.7517$vX3.1100489@wards.force9.net...
- Posted by John on September 19th, 2003
On Fri, 19 Sep 2003 12:56:10 +0200, "Moonlit"
<alt.spam@jupiter.universe> wrote:
http://us.mcafee.com/virusInfo/defau...virus_k=100662
- Posted by kyra on September 19th, 2003
John wrote:
--
http://aleeya.net
Tell me and I'll forget.
Show me and I'll remember.
Involve me and I will learn.
Give a man a fish, feed him for a day.
Teach a man to fish, feed him for a lifetime.
- Posted by Mimic on September 19th, 2003
"kyra" <kyra@cotse.com> wrote in message
news:PXCab.2135$jU6.1277@fe05.atl2.webusenet.com...
thats what you get for posting your mail addy to
www.free-boobie-pics-mail-me.com ;D
--
Mimic
"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"
- Posted by Mimic on September 19th, 2003
"Lord Shaolin" <abuse@127.0.0.1> wrote in message
news:q1uab.7517$vX3.1100489@wards.force9.net...
Nice to see someone taking pride and effort in their work :P
--
Mimic
- Posted by Mimic on September 19th, 2003
"Lord Shaolin" <abuse@127.0.0.1> wrote in message
news:q1uab.7517$vX3.1100489@wards.force9.net...
heh, well if people are stupid enough to open exes from their email. I'm
assuming it spoofs the From field as M$? Otherwise it's gonna look even more
strange if all your mates are sending you patches, I guess... hrmmm......
Anyway, I don't know if I mentioned it, but I don't run AV software. I used to
occasionally scan when I got updates from work, but I'm too lazy. Anyway, I
got my first virus in 6 years the other day wooooooooo. Or should I say my
first infection. Blaster Worm :P Anyway, I got the RPC error so I knew
summink was up, then my firewall kicked off. In about 30 secs I knew where it
came from (Kazaa :P), identified the file, killed it, killed the process and
removed all entries, completely clean. But just to be safe I downloaded the
AV scan/patch; over 20 fucking minutes it took, and the result: to summarize
exactly what I had done (and what it failed to, as I was clean). Bah to it
all :P
--
Mimic
- Posted by Moonlit on September 19th, 2003
Hi,
Thanks for the link, so it is mainly replicating and major nuisance (with
the false error messages).
Regards Ron.
"John" <nospam@nospam.boltblue.com> wrote in message
news:ggulmv83gqcpp8k2jtk5oephqh77rfue07@4ax.com...
- Posted by Moonlit on September 19th, 2003
Hi,
It looks so real I think this one is going to beat a lot of other viruses
(as one said, this virus relies heavily on social engineering and
unfortunately that works).
Luckily I only got two in the past 24 hours.
Regards, Ron AF Greve.
"kyra" <kyra@cotse.com> wrote in message
news:PXCab.2135$jU6.1277@fe05.atl2.webusenet.com...
- Posted by Alun Jones [MS MVP] on September 19th, 2003
In article <t4idnURUFus6hfaiU-KYgw@brightview.com>, "Mimic" <null@void.net>
wrote:
As you say, people are stupid (I prefer to say "naive" or "ignorant" - it's
slightly more polite). Yes, the virus spoofs to make it look like it comes
from the right place. It'd probably spread even if it didn't - it looks so
pretty that some people just have to click - they'd probably even follow
instructions to open a zip file, enter a password, open the file, save it to
their network server, and run it. Social engineering exploits that one big
bug that no one can quite manage to fix.
Ooh, you're soooo butch!
Yeah, I hear you on the "I don't run AV software" thing - for the most part,
it's a waste of time for someone who reads the right lists and has a good
amount of knowledge. But then, that's not the same group of people that are
clicking on attachments, is it? The "click anything with a blue line under
it" brigade need some form of automated protection.
[If MS didn't exist, and we were all using Linux, these guys would _still_
save attachments out to the disk, drop into a shell, and execute away!]
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
- Posted by Dave on September 19th, 2003
The problem here is not the virus, which is easily detected by a number of
AV programs, but the jamming of email boxes. One of my boxes has 1210
messages, all with 106KB attachments, just in the last few hours. I can't
download all those messages to sift out the real ones, so that effectively
renders this box useless.
This is a box I opened recently, so I know pretty much where the spam is
coming from. I used the address in posting to comp.os.linux.misc, and
comp.os.ms-windows.misc. I was even careful to modify the address, so it
could only be used by a real person not a robot. Someone is making a big
effort to spread this worm.
I guess the only solution is to never use your real identity or email
address in a newsgroup.
- Dave
- Posted by Rev Turd Fredericks on September 20th, 2003
Mimic wrote:
last 36 hours), it looks a lot like the work of a hipcrime bot, lots of
different headers and lots of nonsensical addresses etc. It's a fucking
pain in the ass if you ask me. My webmail has filters but they are
pretty weak, they don't allow regular expressions but I finally figured
out how to filter them to the trash by specifying the mime type in the
header which is something the bot/virus/worm can't change if it wants to
send me an attachment.
I don't run AV software either because it's a pain in the ass and can
bring even the most powerful computer to its knees just running in the
background. AV software is useless for protecting you from the latest
viri anyway. When they come up with "forward looking" anti-virus
software I might be interested. My wife got the msblast virus merely by
turning off her firewall to play a game. It happened the same day I read
about it, and I was going to implement the necessary changes to her
computer when she finished playing; instead I had to clean it up.
Anti-virus definitions weren't even available at the time she became
infected (not that it would have done any good, because she wasn't
running anti-virus anyway).
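The filter described in the post above, keyed on the attachment's MIME type rather than the (spoofed) sender, written out as an added example. This is not code from the thread or from any webmail product; it uses Python's standard `email` package, and the sample messages, sender names, subjects and the `.invalid` hostnames are constructed for the example.

```python
"""Added example: triage a mailbox flooded with Swen-style worm mail by
attachment MIME type, the approach described in the post above.

Not code from the original thread. Sample messages below are constructed
for this example; names, subjects and hostnames are made up.
"""
import email
from email import policy
from email.message import EmailMessage

# Assumption: MIME types and extensions that a Windows executable dropper
# typically arrives under. Extend as needed for your own mail stream.
EXECUTABLE_MIME_TYPES = {
    "application/x-msdownload",
    "application/x-msdos-program",
    "application/octet-stream",
}
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")


def executable_attachments(msg: EmailMessage) -> list[tuple[str, str, int]]:
    """Return (filename, content_type, size_bytes) for each attachment that
    is executable by MIME type or by filename extension (e.g. foo.txt.exe)."""
    found = []
    for part in msg.iter_attachments():
        ctype = part.get_content_type()
        name = part.get_filename() or ""
        if ctype in EXECUTABLE_MIME_TYPES or name.lower().endswith(EXECUTABLE_EXTENSIONS):
            payload = part.get_payload(decode=True) or b""
            found.append((name, ctype, len(payload)))
    return found


def classify(raw: bytes) -> str:
    """'trash' if the message carries an executable attachment, else 'inbox'.
    The From: header is deliberately ignored: the thread notes the worm
    spoofs it, so the attachment's MIME type is the stable signal."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return "trash" if executable_attachments(msg) else "inbox"


def build_sample(subject: str, sender: str, body: str, attachment=None) -> bytes:
    """Construct a raw RFC 822 message for the example (constructed data)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "victim@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment is not None:
        name, ctype, data = attachment
        maintype, subtype = ctype.split("/", 1)
        m.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return m.as_bytes()


# Constructed sample mailbox: one fake "security update" with an .exe payload,
# one plain-text message, one with a harmless PDF attachment.
SAMPLES = {
    "fake_patch": build_sample(
        "Latest Security Update", "Support <update@example.invalid>",
        "Install this cumulative patch to protect your system.",
        ("Security-Update.exe", "application/x-msdownload", b"MZ" + b"\x00" * 64)),
    "plain": build_sample(
        "Re: lunch?", "Friend <friend@example.invalid>", "Noon works for me."),
    "pdf": build_sample(
        "Invoice", "Vendor <billing@example.invalid>", "Attached.",
        ("invoice.pdf", "application/pdf", b"%PDF-1.4\n%%EOF\n")),
}


def triage(mailbox: dict) -> dict:
    """Map each message name to its folder; the summary a filter would act on."""
    return {name: classify(raw) for name, raw in mailbox.items()}


if __name__ == "__main__":
    for name, folder in triage(SAMPLES).items():
        print(f"{name:10s} -> {folder}")
```

Because the decision is made on the decoded part's Content-Type and filename, a worm that rotates From: lines, subjects and body text, as the post describes, still lands in the trash, while a plain-text reply or a PDF attachment from the same spoofed sender stays in the inbox.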
- Posted by Zarggg on September 20th, 2003
Lord Shaolin wrote On 18 Sep 03 22:41:
Yep. I've gotten over 260 spam e-mails as a result of this worm (90+ on
Thursday, 90+ by lunchtime EDT today, and 80+ more after coming home
from work). It's obviously based on harvested e-mail addresses, as I
received them to all three of my "public" e-mail addresses, two of which
are domain-based aliases.
--
_____________________________________________________
Zarggg | zarggg at zarggg dot net | KeyID: 0xC00D540D
| http://www.zarggg.net/ |
-----------------------------------------------------
- Posted by Dave on September 20th, 2003
"Rev Turd Fredericks" <turdfred@catholic.org> wrote in message
news:PM0003C7B79D9EA844@dhcppc2.reshsg.uci.edu...
Microsoft advocates are claiming that XP is just as secure as Linux, that
you can't get a virus without doing something stupid, like clicking on an
email attachment. Could you tell us more about this incident. Does "play
a game" mean download some program and run it? Why would you need to turn
off a firewall to play a game on your own computer?
I've also heard that msblast can infect a computer without *any* user
interaction. I was told this by a system administrator who takes care of
hundreds of Windows workstations. I asked him what network services were
running on the computers (telnet, ftp, etc.) and he said none. The virus
can apparently propagate with just the basic network communication
protocols.
- Dave
- Posted by Rev Turd Fredericks on September 20th, 2003
Dave wrote:
It was an online game called Neverwinter nights. The program was not
downloaded, it was purchased. She doesn't use email at home either. The
firewall was disabled because it sometimes interferes with the game, I
have since fixed that and the game can be played with the firewall on.
There was no user interaction required. The only reason we found out was
when she re-enabled her firewall, the firewall warning window popped up
and asked "msblast.exe requests a connection to IP xxx.xxx.xxx.xxx".
msblast takes advantage of an RPC vulnerability. She doesn't use XP but
it is also vulnerable to msblast in the same manner.
- Posted by Juha Laiho on September 20th, 2003
Rev Turd Fredericks <turdfred@catholic.org> said:
And fixes to close the RPC hole used by msblast were published by
Microsoft some months before the msblast attack, if I recall correctly.
If the machine in question is running NT 4.0 workstation, it might be
that the fix is not available, as the OS is no longer supported by MS,
in which case the firewall is the only remaining protection. But _if_
the OS was something for which the fix was available, this infection
was caused by user ignorance/negligence.
It is unfortunate the Internet has turned this way, that everyone
connecting to it must be acutely aware of security issues. And it is
unfortunate the integrity of software available is what it is (for
those starting to advocate open source software at this point, look
at recent issues with sendmail, OpenSSH, some ftp daemons, etc; perhaps
not as bad as Microsoft side, but not completely solid, either).
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
- Posted by Mimic on September 20th, 2003
"Dave" <dave@nospam.com> wrote in message
news:vmnast33riem31@corp.supernews.com...
I imagine if it was an online game she'd wanna squeeze every bit of
bandwidth and CPU out of the box for the game. I turn mine off sometimes
when my games get lagged.
--
Mimic
- Posted by Mimic on September 20th, 2003
"Zarggg" <zarggg@zarggg.net> wrote in message
news:nbNab.2214$if4.1586355@newshog.newsread.com...
heh, I dunno how you people do it :P 200 a day, heh. I haven't had any; I'll
bet $10 I won't get it.
On a further note, it might be useful to have a forwarding email address. I use
one for people I don't know / ain't really interested in. name@mydomain.com
forwards to my ISP account; that way if the spam fills it, I can just terminate or
redirect the forwarding.
--
Mimic
- Posted by Mimic on September 20th, 2003
"Dave" <macquigg@nospam.ece.arizona.edu> wrote in message
news:vmn5u0jrh7ff99@corp.supernews.com...
Well, that'll teach you for being so darn popular ;D
--
Mimic
- Posted by Rev Turd Fredericks on September 20th, 2003
Juha Laiho wrote:
could call it ignorance, as I had not heard of the msblast worm until
shortly before the infection occurred. I think the fix came in early-to-mid
July, but it didn't get a lot of fanfare; the machine got infected
around mid-August.