Heads Up**W32.HLLW.Symten@mm

  1. #1
    The Doctor Und3ertak3r
    Join Date: Apr 2002
    Posts: 2,743

    Heads Up**W32.HLLW.Symten@mm

    Hi Guys

    Another Cat 2 warning on Symantec's list for today, Full details Here

    Wild: Low
    Damage: Low
    Distribution: High


    W32.HLLW.Symten@mm is a mass-mailing Worm that distributes itself by a randomly generated email. The worm is written in Visual Basic.

    Also Known As: Bloodhound.W32.VBWORM, I-Worm.Symten.b [KAV]
    Type: Worm
    Infection Length: 106,496 bytes
    Systems Affected: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP
    Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux

    Check the social engineering used in the message..

    Body:
    Look at this!!! Microsoft svchost Patch:
    Please run a search on your computer for the file name SVCHOST.EXE if this file is found on your system run the update patch provided in the attatchment of this email.
    Regards,
    Adam Voldran
    MSUpdate Devision
    Microsoft Corp.

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2
    Macht Nicht Aus moxnix
    Join Date: May 2002
    Location: Huson Mt.
    Posts: 1,752

    Very good social engineering.....same style as that hoax virus a year or so ago. Do this if you find that and kill yourself.
    Please run a search on your computer for the file name SVCHOST.EXE if this file is found on your system run the update patch provided in the attatchment of this email.
    While in reality:
    Svchost.exe is just an easy name to say. What this means is that you have services running from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time.
    From http://www.igknighttec.com/Windows/W...vchost_exe.php
    Moxnix
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  3. #3
    Senior Member nihil
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,190

    Shame on you sir!

    You have not suggested "regprot" from DiamondCS. This is a brilliant little piece of software that intercepts any attempts to add to or modify your Windows registry, and gives you the choice of accepting the change or rejecting/reverting. Hey!...99% of malware tries to edit your registry doesn't it?

    I am afraid that I do not have the web addy to hand (moving house) but if you search for "regprot" or "DiamondCS" on the net you will find their site.

    The reason I cry "shame" is that DiamondCS is an AUSTRALIAN outfit. And the software is FREE!

    I can almost forgive you guys for beating us at rugby and cricket

    just another whinging pom

    cheers!

  4. #4
    The Doctor Und3ertak3r
    Join Date: Apr 2002
    Posts: 2,743

    DiamondCS
    The program in question is RegistryProt now at version 2.

    I've had to turn it off/disable to do MS updates anyhow.. so for this Virus.. the social engineering will still have done its job.. (mind I will have to try version 2 for my comments to be current)

    These guys do have some other software available for download, some is free..


    .. U R just a P.O.M.E aka Pommie... (strange though P.O.M.E stands for Prisoner Of Mother England.. so what crime are you guilty of..lol) no further comments needed..



    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    AO Ancient: Team Leader
    Join Date: Oct 2002
    Posts: 5,197

    Undertaker: Just remember though - England is still your mummy and she can still spank you if you are disrespectful.....

    Thanks for the heads up as usual.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member nihil
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,190

    I stand corrected "regprot.exe" is the gismo that runs in the background and monitors what is going on. Mine is currently using 120k of RAM, so it is very light on resource.

    I have not had any problems with MS updates. OK you get warnings, but as you know you are installing/updating you just click OK. At least it proves that the software is "on its toes" and you have had a second chance to make up your mind.

    I tend to take the arbitrary view that anything that requires more than half a dozen registry entries is probably pretty lousy software anyway, so I take a positive view of the warnings.

    Another "good idea"..in my humble opinion, is software that intercepts the running of scripts, and warns you if you might be about to launch an executable from the net. I use "Script Defender" from AnalogX, and "Scrip Trap", by Robin Keir. You may find the latter slightly over the top because it warns you about Word and Excel documents (they may contain a macro virus), but it will interface with your AV software product to let you scan suspicious items "on the fly".

    I also like "Winsonar" which monitors for new programs running in the background (like trojans for example). You can then add them to the list of "good guys" and they will be ignored, or you sort out your problem.

    You are quite correct about social engineering, but a lot of it is down to people's gullibility. MAJOR SOFTWARE COMPANIES DO NOT MAIL YOU UPDATES....if you are lucky you get a mass mailed advisory that an update is available from their website, or the software has an auto-update facility.

    Another point is that major software houses know how to check spelling and grammar. In your example, "Devision" should be "division" and "attatchment" should be "attachment".

    If in doubt go to the software supplier's website and your AV provider's site to check that anything you receive unsolicitedly is genuine.

    Be safe
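
The warning signs raised in this thread (a mail claiming to come from a major vendor, an executable attachment, a request to run it, and the misspellings "Devision" and "attatchment") can be checked mechanically on inbound mail. The Python below is an added example, not part of the original thread; the sender address, subject, attachment name and indicator labels are constructed for illustration.

```python
import re
from email.message import EmailMessage

EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")
# Misspellings quoted in the thread; a real filter would use a fuller list.
MISSPELLINGS = ("devision", "attatchment")
VENDOR_CLAIM = re.compile(r"\bmicrosoft\b", re.I)
RUN_REQUEST = re.compile(r"\brun\b.{0,60}\b(patch|update|att\w*ment)\b", re.I | re.S)


def body_text(msg):
    """Return the decoded text/plain body of the message, or an empty string."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part else ""


def indicators(msg):
    """List which of the thread's warning signs a message shows."""
    text = body_text(msg)
    found = []
    if VENDOR_CLAIM.search(text) or VENDOR_CLAIM.search(str(msg.get("From", ""))):
        found.append("vendor-claim")
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    if any(n.lower().endswith(EXECUTABLE_EXT) for n in names):
        found.append("executable-attachment")
    if RUN_REQUEST.search(text):
        found.append("asks-to-run-attachment")
    if any(w in text.lower() for w in MISSPELLINGS):
        found.append("misspelling")
    return found


def build_sample():
    """Constructed message: body text as quoted in post #1, the rest invented."""
    msg = EmailMessage()
    msg["From"] = "msupdate@example.invalid"  # constructed sender
    msg["Subject"] = "constructed subject"
    msg.set_content(
        "Look at this!!! Microsoft svchost Patch:\n"
        "Please run a search on your computer for the file name SVCHOST.EXE "
        "if this file is found on your system run the update patch provided "
        "in the attatchment of this email.\n"
        "Regards,\nAdam Voldran\nMSUpdate Devision\nMicrosoft Corp.\n")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="placeholder.exe")
    return msg
```

A genuine vendor advisory that only points to a website trips at most the vendor-claim indicator, so the combination of indicators, not any single one, is what merits quarantine.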
