NEWS: World Cup virus kicks off
Results 1 to 9 of 9

Thread: NEWS: World Cup virus kicks off

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool NEWS: World Cup virus kicks off

    As network managers prepare to tackle the onslaught of World Cup-related emails in between catching a few games, users are warned to be on the lookout for viral emails.
    A Visual Basic Script worm that uses the World Cup as bait has kicked off against unsuspecting fans.

    Masquerading as an application for viewing match results, WorldCup spreads via email and the popular Internet Relay Chat application.

    The virus appears to be a simple rewrite of the Chick virus, which claimed to be a collection of Britney Spears pictures. The virus cannot do any damage automatically, as a user has first to open the infected file.

    WorldCup typically arrives in an email with the subject line: "RE: Korea Japan Results", while the text inside reads: "Takes a look at these results... Regards". The attached file that puts the boot in is called Koreajapan.chm.

    When run, the user also has to fall for another security no-no and enable Active X controls at the prompt. The worm then launches its payload.

    The virus only sends itself to the first entry in the address book, once per infected machine.

    To cover its tracks, WorldCup displays a screen that claims to be an application for viewing match results, but does not in fact work.

    Source: http://www.xatrix.org/article1599.html

  2. #2
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    A Snake in the Grass........VERY short grass......must be tiny snake........lol
    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag D landet her kvilte i heilag fred og alle hadde kjrleik elske med.

  3. #3
    Member
    Join Date
    May 2002
    Posts
    42
    If it only sends itself to the first address in your book why dont you put in a new entry like the one I have : 0000 ( as the address) virus stopper ( as the name) or what ever you want as a name for the entry. By putting 0000 you insure that this is the first entry!!!! And its an dummy address. ( I got this idea from a newsletter from Panda Software awhile ago.)

    This should help curb the virus that go by the first entry.....Some virus will not compleate their MISSION if they are stopped on the first address!
    [glowpurple]The Nutta [/glowpurple]

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    5
    Or you could just update your Virii detection gear.
    -WiteWoLF
    Visit me. here

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Or just don't be an idiot and execute something you aren't sure of. Duh.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    657
    or dont use Outlook Express like a idiot!
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    452
    I haven't heard of .chm before...how many different extensions are there for activeX/VB executables?
    Elen alcarin ar gwath halla n engwar.

  8. #8
    Senior Member
    Join Date
    Mar 2002
    Posts
    425
    And what have we learned from this thread? Defense in depth is the way to go:
    A. Don't use Outlook Express.
    B. Regardless of your e-mail client, don't open unknown attachments.
    C. Make sure your virus definitions are up to date.
    D. Go ahead and throw that 0000 entry in your adress book just in case.

  9. #9
    Antionline Quitter..Srsly
    Join Date
    Aug 2001
    Posts
    457
    hmm well first of ppl must learn not to open attachments by adresses that they dont recognize...sencond dont enable an option cuz the email asks ya...but it is truly pathetic for ppl to make viruses and use events that are supposed to be fun and entertaining as a way to lure ppl into getting infected...it kinda sickens me
    \"\"A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones.\" G.K. Chesterton, 19th-century English essayist and poet\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •