June 11th, 2002, 08:23 AM
NEWS: World Cup virus kicks off
As network managers prepare to tackle the onslaught of World Cup-related emails in between catching a few games, users are warned to be on the lookout for viral emails.
A Visual Basic Script worm that uses the World Cup as bait has kicked off against unsuspecting fans.
Masquerading as an application for viewing match results, WorldCup spreads via email and the popular Internet Relay Chat application.
The virus appears to be a simple rewrite of the Chick virus, which claimed to be a collection of Britney Spears pictures. The virus cannot do any damage automatically, as a user has first to open the infected file.
WorldCup typically arrives in an email with the subject line: "RE: Korea Japan Results", while the text inside reads: "Takes a look at these results... Regards". The attached file that puts the boot in is called Koreajapan.chm.
When run, the user also has to fall for another security no-no and enable Active X controls at the prompt. The worm then launches its payload.
The virus only sends itself to the first entry in the address book, once per infected machine.
To cover its tracks, WorldCup displays a screen that claims to be an application for viewing match results, but does not in fact work.
June 11th, 2002, 01:52 PM
A Snake in the Grass........VERY short grass......must be tiny snake........lol
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
June 11th, 2002, 05:25 PM
If it only sends itself to the first address in your book why dont you put in a new entry like the one I have : 0000 ( as the address) virus stopper ( as the name) or what ever you want as a name for the entry. By putting 0000 you insure that this is the first entry!!!! And its an dummy address. ( I got this idea from a newsletter from Panda Software awhile ago.)
This should help curb the virus that go by the first entry.....Some virus will not compleate their MISSION if they are stopped on the first address!
[glowpurple]The Nutta [/glowpurple]
June 11th, 2002, 07:47 PM
Or you could just update your Virii detection gear.
Visit me. here
June 11th, 2002, 09:53 PM
Or just don't be an idiot and execute something you aren't sure of. Duh.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
June 11th, 2002, 10:35 PM
or dont use Outlook Express like a idiot!
[shadow]i have a herd of 1337 sheep[/shadow]
Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..
June 12th, 2002, 12:58 AM
I haven't heard of .chm before...how many different extensions are there for activeX/VB executables?
Elen alcarin ar gwath halla ná engwar.
June 12th, 2002, 01:07 AM
And what have we learned from this thread? Defense in depth is the way to go:
A. Don't use Outlook Express.
B. Regardless of your e-mail client, don't open unknown attachments.
C. Make sure your virus definitions are up to date.
D. Go ahead and throw that 0000 entry in your adress book just in case.
June 12th, 2002, 01:20 AM
hmm well first of ppl must learn not to open attachments by adresses that they dont recognize...sencond dont enable an option cuz the email asks ya...but it is truly pathetic for ppl to make viruses and use events that are supposed to be fun and entertaining as a way to lure ppl into getting infected...it kinda sickens me
\"\"A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones.\" — G.K. Chesterton, 19th-century English essayist and poet\"