Heads Up**W32.HLLW.Symten@mm


Und3ertak3r
July 18th, 2003, 04:04 PM
Hi Guys

Another Cat 2 warning on Symantec's list for today, full details here (http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.symten@mm.html)

Wild: Low
Damage: Low
Distribution: High


W32.HLLW.Symten@mm is a mass-mailing Worm that distributes itself by a randomly generated email. The worm is written in Visual Basic.

Also Known As: Bloodhound.W32.VBWORM, I-Worm.Symten.b [KAV]
Type: Worm
Infection Length: 106,496 bytes
Systems Affected: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux


Check the social engineering used in the message..

Body:
Look at this!!! Microsoft svchost Patch:
Please run a search on your computer for the file name SVCHOST.EXE if this file is found on your system run the update patch provided in the attatchment of this email.
Regards,
Adam Voldran
MSUpdate Devision
Microsoft Corp.


Cheers

moxnix
July 18th, 2003, 09:56 PM
Very good social engineering.....same style as that hoax virus a year or so ago. Do this if you find that and kill yourself.

"Please run a search on your computer for the file name SVCHOST.EXE if this file is found on your system run the update patch provided in the attatchment of this email."

While in reality:

"Svchost.exe is just an easy name to say. What this means is that you have services running from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time."
From http://www.igknighttec.com/Windows/WindowsXP/svchost_exe.php
Moxnix

nihil
July 20th, 2003, 01:11 AM
Shame on you sir!

You have not suggested "regprot" from DiamondCS. This is a brilliant little piece of software that intercepts any attempts to add to or modify your Windows registry, and gives you the choice of accepting the change or rejecting/reverting. Hey!...99% of malware tries to edit your registry doesn't it?

I am afraid that I do not have the web addy to hand (moving house) but if you search for "regprot" or "DiamondCS" on the net you will find their site.

The reason I cry "shame" is that DiamondCS is an AUSTRALIAN outfit. And the software is FREE! :)

I can almost forgive you guys for beating us at rugby and cricket ::biggrink

just another whinging pom

cheers!

Und3ertak3r
July 20th, 2003, 11:12 AM
DiamondCS (http://www.diamondcs.com.au/)
The program in question is RegistryProt (http://www.diamondcs.com.au/index.php?page=regprot) now at version 2.

I've had to turn it off/disable to do MS updates anyhow.. so for this virus.. the social engineering will still have done its job.. (mind I will have to try version 2 for my comments to be current)

These guys do have some other software available for download, some is free..


.. U R just a P.O.M.E aka Pommie... (strange though P.O.M.E stands for Prisoner Of Mother England.. so what crime are you guilty of..lol) no further comments needed..



Cheers

Tiger Shark
July 20th, 2003, 12:16 PM
Undertaker: Just remember though - England is still your mummy and she can still spank you if you are disrespectful..... ;)

Thanks for the heads up as usual.....

nihil
July 20th, 2003, 12:59 PM
I stand corrected :) "regprot.exe" is the gismo that runs in the background and monitors what is going on. Mine is currently using 120k of RAM, so it is very light on resource.

I have not had any problems with MS updates. OK you get warnings, but as you know you are installing/updating you just click OK. At least it proves that the software is "on its toes" and you have had a second chance to make up your mind.

I tend to take the arbitrary view that anything that requires more than half a dozen registry entries is probably pretty lousy software anyway, so I take a positive view of the warnings.

Another "good idea"..in my humble opinion, is software that intercepts the running of scripts, and warns you if you might be about to launch an executable from the net. I use "Script Defender" from AnalogX, and "Scrip Trap", by Robin Keir. You may find the latter slightly over the top because it warns you about Word and Excel documents (they may contain a macro virus), but it will interface with your AV software product to let you scan suspicious items "on the fly".

I also like "Winsonar" which monitors for new programs running in the background (like trojans for example). You can then add them to the list of "good guys" and they will be ignored, or you sort out your problem.

You are quite correct about social engineering, but a lot of it is down to people's gullibility. MAJOR SOFTWARE COMPANIES DO NOT MAIL YOU UPDATES....if you are lucky you get a mass mailed advisory that an update is available from their website, or the software has an auto-update facility.

Another point is that major software houses know how to check spelling and grammar. In your example, "Devision" should be "division" and "attatchment" should be "attachment".

If in doubt go to the software supplier's website and your AV provider's site to check that anything you receive unsolicited is genuine.

Be safe :)
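The points raised in this thread (vendors do not mail patches, the lure tells you to run the attachment, the "Microsoft" message does not come from Microsoft) can be turned into a mail-gateway check. The script below is an added example and is not code from the thread, from Symantec or from DiamondCS. The sample message is constructed to mirror the worm body quoted above; the sender address, the vendor-to-domain table and the phrase list are assumptions for the example.

```python
"""Flag e-mails that use the 'vendor-mailed patch' lure discussed in the thread.

Added example, not part of the forum thread. It parses a constructed message
modelled on the W32.HLLW.Symten@mm body and returns the reasons it is suspect.
The sender address, VENDOR_DOMAINS and the phrase patterns are assumptions.
"""
import re
from email import message_from_string
from email.message import Message

# Extensions that run directly on Windows; a "patch" mailed as one of these is
# the lure itself, since vendors do not distribute updates this way.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".cmd"}

# Vendor name a lure claims to speak for -> domains that vendor really mails
# from (assumed list; a real deployment would maintain this per vendor).
VENDOR_DOMAINS = {"microsoft": {"microsoft.com"}}

# Phrases instructing the reader to run whatever is attached.
RUN_ATTACHMENT_PATTERNS = [
    r"run\s+the\s+(update|patch|attach)",
    r"open\s+the\s+attach",
    r"execute\s+the\s+attach",
]


def sender_domain(msg: Message) -> str:
    """Lower-cased domain of the From: header, or '' if none is present."""
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def attachment_names(msg: Message) -> list[str]:
    """File names of every part that carries a filename (i.e. attachments)."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def body_text(msg: Message) -> str:
    """Concatenate the text/plain parts that are not themselves attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(chunks)


def analyze(raw: str) -> list[str]:
    """Return a list of human-readable reasons the message looks like a lure."""
    msg = message_from_string(raw)
    reasons = []
    text = body_text(msg).lower()
    exe = [n for n in attachment_names(msg)
           if any(n.lower().endswith(ext) for ext in EXECUTABLE_EXTENSIONS)]
    if exe:
        reasons.append(f"executable attachment: {', '.join(exe)}")
    if any(re.search(p, text) for p in RUN_ATTACHMENT_PATTERNS):
        reasons.append("body instructs the reader to run the attachment")
    domain = sender_domain(msg)
    for vendor, domains in VENDOR_DOMAINS.items():
        if vendor in text and not any(domain == d or domain.endswith("." + d)
                                      for d in domains):
            reasons.append(f"claims to be {vendor} but sent from '{domain or 'unknown'}'")
    return reasons


# Constructed sample modelled on the worm body quoted in the thread; the
# address and attachment are made up for the example.
SAMPLE = """\
From: Adam Voldran <msupdate@example.net>
To: user@example.org
Subject: Microsoft svchost Patch
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Look at this!!! Microsoft svchost Patch:
Please run a search on your computer for the file name SVCHOST.EXE if this file is found on your system run the update patch provided in the attatchment of this email.
Regards,
Adam Voldran
MSUpdate Devision
Microsoft Corp.
--XX
Content-Type: application/octet-stream; name="svchost_patch.exe"
Content-Disposition: attachment; filename="svchost_patch.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--XX--
"""

# Constructed advisory of the kind nihil describes: no attachment, points to the site.
LEGIT = """\
From: Security Advisories <advisory@microsoft.com>
To: user@example.org
Subject: Advisory: update available
Content-Type: text/plain

A security update is available. Download it from the Microsoft website.
"""

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE), ("advisory", LEGIT)):
        print(label, analyze(raw) or ["no indicators"])
```

Each indicator alone is weak (plenty of legitimate mail mentions a vendor), so a gateway would normally score them rather than block on any single hit; the executable attachment plus the "run the attachment" instruction is the combination that matches the worm's lure exactly.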