-
February 19th, 2002, 11:38 PM
#1
Malicious 'newsletter' virus hits users in Germany
Antivirus (AV) firms are warning of a "highly dangerous" virus that disguises itself as a newsletter from a popular German AV site. There have been reports of mass infections in Germany caused by the malicious code.
The 'Yarner' virus disguises itself as the AV program YAW, arriving as an attachment to an official-looking message purporting to be from AV website Trojaner-info.de. The email contains the subject line: 'Trojaner-Info Newsletter [infected computer's current date]'.
If the attached Yawsetup.exe file is opened, the worm creates a file in the Windows directory with a random name up to 100 characters long and registers the file in the registry as an auto run key. This means that the worm is run every time Windows boots up.
Yarner spreads as a mass mailing virus, accessing the Microsoft Outlook address book to retrieve addresses as well as scanning all .php, .htm, .shtm, .cgi and .pl files for addresses.
After harvesting the details the worm connects to a remote SMTP server in order to forward itself to more unsuspecting victims.
AV firms have warned that Yarner also contains a highly destructive payload. It has a one in 10 chance of destroying all data and information on an infected machine after forwarding itself.
Experts have warned that this latest epidemic is more evidence of malicious code writers using social engineering to trick unwary users.
Eugene Kaspersky, head of AV research at Kaspersky Labs, said: "Trojaner-Info, supposedly in whose name the infected messages are sent, is a popular German resource for solving AV security problems. This service has no relationship whatsoever to this current epidemic.
"What is occurring now simply confirms once again that an email address and a message text can be easily falsified and, with the use of this trick, a user has a malicious program thrust upon him or herself."
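Added example, not part of the original post or the quoted article: a small triage script for the persistence behaviour described above (a randomly named file dropped into the Windows directory and registered under an auto-run key). The sample registry output, the allowlist and the thresholds are all constructed assumptions, not Yarner indicators.

```python
import math
import ntpath
import re
from collections import Counter

# Constructed sample in the style of `reg query` output for a Run key.
# Every value name and path below is made up for illustration.
SAMPLE_RUN_KEY = r"""
    SystemTray    REG_SZ    C:\WINDOWS\System32\SysTray.exe
    AVScanner    REG_SZ    "C:\Program Files\ExampleAV\scan.exe" /startup
    qzkvbxrwtjplmhgdnfcsyqzkvbxrwtjp    REG_SZ    C:\WINDOWS\qzkvbxrwtjplmhgdnfcsyqzkvbxrwtjp.exe
    Notes    REG_SZ    C:\WINDOWS\notepad.exe
"""

WINDIR = r"c:\windows"                        # assumption: default install path
KNOWN_GOOD = {"notepad.exe", "explorer.exe"}  # assumption: your site baseline
MIN_LEN, MIN_ENTROPY = 16, 3.5                # assumption: tune on your own fleet

def shannon_entropy(text):
    """Bits per character; random-looking names score higher than words."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def parse_run_values(reg_output):
    """Yield (value_name, program_path) from reg-query style lines."""
    for line in reg_output.splitlines():
        m = re.match(r"\s+(.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(.+)$", line)
        if not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        # The command may be quoted and carry arguments; keep the program path.
        quoted = re.match(r'"([^"]+)"', data)
        path = quoted.group(1) if quoted else re.split(r"\s+/", data)[0]
        yield name, path

def suspicious_autoruns(reg_output):
    """Return auto-run entries that point at long, random-looking files
    sitting directly in the Windows directory."""
    hits = []
    for name, path in parse_run_values(reg_output):
        folder, fname = ntpath.split(path.lower())
        stem = ntpath.splitext(fname)[0]
        if folder != WINDIR or fname in KNOWN_GOOD:
            continue
        if len(stem) >= MIN_LEN and shannon_entropy(stem) >= MIN_ENTROPY:
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE_RUN_KEY):
        print(f"review autorun value {name!r} -> {path}")
```

A hit is a lead for manual review, not a verdict; a short random name would slip under the length threshold used here.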
-
February 19th, 2002, 11:49 PM
#2
Finally, someone thought about the impact of AV newsletters. I mean, who wouldn't just open a letter from an AV site you frequent? BAM, infection. Those are some sneaky bastages. Don't get me wrong, I just think that that was pretty ingenious.
Think about the possibilities if those people used those smarts for "good" purposes. nah.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
February 19th, 2002, 11:55 PM
#3
Originally posted here by KorpDeath
Don't get me wrong, I just think that that was pretty ingenious.
It's brilliant! The dark side have powers beyond our wildest dreams! LOL The ultimate would be to plant some kind of malicious code in the auto update of Norton for example....It downloads and installs automatically....
Like Korpdeath, I don't support these people, I just marvel at the lengths they go to spreading these things.....Quite brilliant actually.....
-
February 19th, 2002, 11:55 PM
#4
hehe true.. a wolf in sheep's clothing... when I read this I'm like.. hmm why didn't I think of that?? lolz that possibility or kind of attack never crossed my mind... hehehe
-
February 20th, 2002, 12:05 AM
#5
The ultimate would be to plant some kind of malicious code in the auto update of Norton for example....It downloads and installs automatically....
Such an ingenious scheme exists! It is called "windows update," I believe
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
-
February 20th, 2002, 12:47 AM
#6
Originally posted here by Guus
Such an ingenious scheme exists! It is called "windows update," I believe
This is very true. How many people just blindly click on the pop up authorising MS code to run on their machine when doing a Windows update? Remember when someone stole the MS certificates? Well, they could have used a nice ActiveX script and really screwed up people's computers. That's why you never check the little box on that pop up that says "always trust content from this source." Do it on an individual basis. Or even better, you can go to the MS Corp Update site and download the updates as a whole .exe or .cab and update it yourself without using active content. They made this available so system admins can download the patches and fixes so they can update all their machines instead of one by one through Windows Update.
The COOKIE TUX lives!!!!
Windows NT crashed,I am the Blue Screen of Death.
No one hears your screams.
-
February 20th, 2002, 01:05 AM
#7
you can go to the MS Corp Update site and download the updates
true but corporate.windowsupdate.microsoft.com is always behind on getting out fixes...still no sign of the new security rollup for corp users...I had to manually update all boxes here one Saturday coz of it...pisses me off...and their website is an absolute MESS....
results of search for
Windows 2000 with IE 5.5
Critical Security Updates
Service Packs and Recommended Updates
Time Scope: last 2 months...
<M$ waste of time>
Select Updates
Updates Available:
Items Selected:
Size:
Sort By:
Operating System Update Type Manufacturer Posted Date Title
Select updates to download.
No results found
</M$ waste of time>
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
February 20th, 2002, 11:01 AM
#8
more info can be found at theRegister
The good news is most AV companies have released updates for their products.
J.
-
February 22nd, 2002, 01:04 AM
#9
Such an ingenious scheme exists! It is called "windows update," I believe
hahah yeah true.. an example would be this:
http://www.antionline.com/showthread...&postid=457584
This may not be exactly what you expected but hey, big fires starts from small sparks.. lolz
-
February 26th, 2002, 01:31 AM
#10
Good post......
You can read the whole story at www.vnunet.com/News/1129357