Malicious 'newsletter' virus hits users in Germany


  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Malicious 'newsletter' virus hits users in Germany

    Antivirus (AV) firms are warning of a "highly dangerous" virus that disguises itself as a newsletter from a popular German AV site. There have been reports of mass infections in Germany caused by the malicious code.

    The 'Yarner' virus disguises itself as the AV program YAW, arriving as an attachment to an official-looking message purporting to be from AV website Trojaner-info.de. The email contains the subject line: 'Trojaner-Info Newsletter [infected computer's current date]'.

    If the attached Yawsetup.exe file is opened, the worm creates a file in the Windows directory with a random name up to 100 characters long and registers the file in the registry as an auto run key. This means that the worm is run every time Windows boots up.

    Yarner spreads as a mass mailing virus, accessing the Microsoft Outlook address book to retrieve addresses as well as scanning all .php, .htm, .shtm, .cgi and .pl files for addresses.

    After harvesting the details the worm connects to a remote SMTP server in order to forward itself to more unsuspecting victims.

    AV firms have warned that Yarner also contains a highly destructive payload. It has a one in 10 chance of destroying all data and information on an infected machine after forwarding itself.

    Experts have warned that this latest epidemic is more evidence of malicious code writers using social engineering to trick unwary users.

    Eugene Kaspersky, head of AV research at Kaspersky Labs, said: "Trojaner-Info, supposedly in whose name the infected messages are sent, is a popular German resource for solving AV security problems. This service has no relationship whatsoever to this current epidemic.

    "What is occurring now simply confirms once again that an email address and a message text can be easily falsified and, with the use of this trick, a user has a malicious program thrust upon him or herself."
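
Added example, not part of the original post or the quoted article: a triage sketch for the persistence behaviour described above (a long, random-named file in the Windows directory registered under an autorun key). It parses text in the layout printed by `reg query` for a Run key; the sample output, the `c:\windows` path and both thresholds are assumptions chosen for illustration.

```python
import math
import ntpath
import re
from collections import Counter

# Constructed sample of `reg query ...\CurrentVersion\Run` output (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    ScanRegistry    REG_SZ    C:\WINDOWS\scanregw.exe /autorun
    AVMonitor    REG_SZ    "C:\Program Files\ExampleAV\monitor.exe" /min
    qzkvxwpjhtrbnmdlfgcsqzkvxwpjhtrb    REG_SZ    C:\WINDOWS\qzkvxwpjhtrbnmdlfgcsqzkvxwpjhtrbxkq.exe
"""

WINDIR = r"c:\windows"   # assumption: default Windows directory, compared in lower case
MAX_PLAIN_LEN = 12       # assumption: only base names longer than this are entropy-checked
ENTROPY_BITS = 3.5       # assumption: bits per character that count as random-looking

def entropy(s):
    """Shannon entropy of the string in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def target_path(data):
    """Extract the executable path from a Run value, dropping quotes and arguments."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', data, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else data.strip()

def parse_run_values(text):
    """Yield (name, data) for each REG_SZ / REG_EXPAND_SZ line of reg query output."""
    for line in text.splitlines():
        parts = re.split(r"\s{4,}", line.strip())
        if len(parts) == 3 and parts[1] in ("REG_SZ", "REG_EXPAND_SZ"):
            yield parts[0], parts[2]

def suspicious_autoruns(text):
    """Flag autoruns sitting directly in the Windows directory under a long, random-looking name."""
    hits = []
    for name, data in parse_run_values(text):
        path = target_path(data)
        folder, base = ntpath.split(path.lower())
        stem = ntpath.splitext(base)[0]
        if folder == WINDIR and len(stem) > MAX_PLAIN_LEN and entropy(stem) >= ENTROPY_BITS:
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE):
        print(f"review: {name} -> {path}")
```

A hit is a lead for manual review rather than a verdict, since the heuristic knows nothing about the file's contents.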

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Finally, someone thought about the impact of AV newsletters. I mean, who wouldn't just open a letter from an AV site you frequent? BAM, infection. Those are some sneaky bastages. Don't get me wrong, I just think that that was pretty ingenious.

    Think about the possibilities if those people used those smarts for "good" purposes. nah.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Originally posted here by KorpDeath
    Don't get me wrong, I just think that that was pretty ingenious.



    It's brilliant! The dark side have powers beyond our wildest dreams! LOL The ultimate would be to plant some kind of malicious code in the auto update of Norton for example....It downloads and installs automatically....


    Like KorpDeath, I don't support these people, I just marvel at the lengths they go to spreading these things.....Quite brilliant actually.....

  4. #4
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    hehe true.. a wolf in sheep's clothing... when i read this i'm like.. hmm why didn't i think of that?? lolz that possibility or kind of attack never crossed my mind... hehehe

  5. #5
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    The ultimate would be to plant some kind of malicious code in the auto update of Norton for example....It downloads and installs automatically....
    Such an ingenious scheme exists! It is called "windows update," I believe
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Originally posted here by Guus


    Such an ingenious scheme exists! It is called "windows update," I believe
    This is very true. How many people just blindly click on the pop-up authorising MS code to run on their machine when doing a Windows update? Remember when someone stole the MS certificates? Well, they could have used a nice ActiveX script and really screwed up people's computers. That's why you never check the little box on that pop-up that says "always trust content from this source". Do it on an individual basis. Or even better, you can go to the MS Corp Update site and download the updates as a whole .exe or .cab and update it yourself without using active content. They made this available so system admins can download the patches and fixes so they can update all their machines instead of one by one through Windows Update.

    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    you can go to the MS Corp Update site and download the updates

    true but corporate.windowsupdate.microsoft.com is always behind on getting out fixes...still no sign of the new security rollup for corp users...i had to manually update all boxes here one saturday coz of it...pisses me off...and their website is an absolute MESS....

    results of search for

    Windows 2000 with IE 5.5
    Critical Security Updates
    Service Packs and Recommended Updates
    Time Scope: last 2 months...


    <M$ waste of time>

    Select Updates
    Updates Available:
    Items Selected:
    Size:


    Sort By:

    Operating System Update Type Manufacturer Posted Date Title
    Select updates to download.

    No results found

    </M$ waste of time>
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    more info can be found at theRegister

    The good news is most AV companies have released updates for their products.

    J.

  9. #9
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    Such an ingenious scheme exists! It is called "windows update," I believe
    hahah yeah true.. an example would be this:

    http://www.antionline.com/showthread...&postid=457584

    This may not be exactly what you expected but hey, big fires start from small sparks.. lolz

  10. #10
    haraam77
    Guest

    Good post......

    You can read the whole story at www.vnunet.com/News/1129357
