-
July 18th, 2003, 03:04 PM
#1
Heads Up**W32.HLLW.Symten@mm
Hi Guys
Another Cat 2 warning on Symantec's list for today, full details here
Wild: Low
Damage: Low
Distribution: High
W32.HLLW.Symten@mm is a mass-mailing Worm that distributes itself by a randomly generated email. The worm is written in Visual Basic.
Also Known As: Bloodhound.W32.VBWORM, I-Worm.Symten.b [KAV]
Type: Worm
Infection Length: 106,496 bytes
Systems Affected: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux
Check the social engineering used in the message..
Body:
Look at this!!! Microsoft svchost Patch:
Please run a search on your computer for the file name SVCHOST.EXE if this file is found on your system run the update patch provided in the attatchment of this email.
Regards,
Adam Voldran
MSUpdate Devision
Microsoft Corp.
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
July 18th, 2003, 08:56 PM
#2
Very good social engineering.....same style as that hoax virus a year or so ago. Do this if you find that and kill yourself.
Please run a search on your computer for the file name SVCHOST.EXE if this file is found on your system run the update patch provided in the attatchment of this email.
While in reality:
Svchost.exe is just an easy name to say. What this means is that you have services running from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time.
From http://www.igknighttec.com/Windows/W...vchost_exe.php
Moxnix
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
July 20th, 2003, 12:11 AM
#3
-
July 20th, 2003, 10:12 AM
#4
DiamondCS
The program in question is RegistryProt, now at version 2.
I've had to turn it off/disable it to do MS updates anyhow.. so for this virus.. the social engineering will still have done its job.. (mind, I will have to try version 2 for my comments to be current)
These guys do have some other software available for download, some is free..
.. U R just a P.O.M.E aka Pommie... (strange though P.O.M.E stands for Prisoner Of Mother England.. so what crime are you guilty of..lol) no further comments needed..
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
July 20th, 2003, 11:16 AM
#5
Undertaker: Just remember though - England is still your mummy and she can still spank you if you are disrespectful.....
Thanks for the heads up as usual.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
July 20th, 2003, 11:59 AM
#6
I stand corrected "regprot.exe" is the gismo that runs in the background and monitors what is going on. Mine is currently using 120k of RAM, so it is very light on resource.
I have not had any problems with MS updates. OK you get warnings, but as you know you are installing/updating you just click OK. At least it proves that the software is "on its toes" and you have had a second chance to make up your mind.
I tend to take the arbitrary view that anything that requires more than half a dozen registry entries is probably pretty lousy software anyway, so I take a positive view of the warnings.
Another "good idea"..in my humble opinion, is software that intercepts the running of scripts, and warns you if you might be about to launch an executable from the net. I use "Script Defender" from AnalogX, and "Scrip Trap", by Robin Keir. You may find the latter slightly over the top because it warns you about Word and Excel documents (they may contain a macro virus), but it will interface with your AV software product to let you scan suspicious items "on the fly".
I also like "Winsonar" which monitors for new programs running in the background (like trojans for example). You can then add them to the list of "good guys" and they will be ignored, or you sort out your problem.
You are quite correct about social engineering, but a lot of it is down to people's gullibility. MAJOR SOFTWARE COMPANIES DO NOT MAIL YOU UPDATES....if you are lucky you get a mass mailed advisory that an update is available from their website, or the software has an auto-update facility.
Another point is that major software houses know how to check spelling and grammar. In your example, "Devision" should be "division" and "attatchment" should be "attachment".
If in doubt go to the software supplier's website and your AV provider's site to check that anything you receive unsolicitedly is genuine.
Be safe
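
The checks described in post #6 (vendors do not mail updates as attachments, and the message's spelling slips), written as a small mail-triage function. This is an added example, not part of the original thread; the sample message's sender address, attachment name and payload, and the extension and vendor keyword lists, are constructed assumptions.

```python
import email
from email import policy

# Misspellings pointed out in post #6; the other two lists are assumptions.
MISSPELLINGS = ("devision", "attatchment")
VENDOR_WORDS = ("microsoft", "msupdate")
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")

# Constructed sample modelled on the body quoted in post #1. The sender
# address, attachment name and payload are made up for this example.
SAMPLE = '''\
From: "MSUpdate Devision" <adam@example.invalid>
To: user@example.invalid
Subject: Look at this!!! Microsoft svchost Patch:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please run a search on your computer for the file name SVCHOST.EXE if
this file is found on your system run the update patch provided in the
attatchment of this email.

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="patch.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
'''

def triage(raw):
    """Return the signals found in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg['From']} {msg['Subject']} {body}".lower()
    names = [a.get_filename() or "" for a in msg.iter_attachments()]
    executables = [n for n in names if n.lower().endswith(EXEC_EXT)]
    claims_vendor = any(w in text for w in VENDOR_WORDS)
    return {
        "executables": executables,
        "misspellings": [w for w in MISSPELLINGS if w in text],
        # A "vendor update" that arrives as an executable attachment.
        "suspicious": claims_vendor and bool(executables),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A plain-text advisory that only points to the vendor's website has no executable attachment, so it is not flagged even though it names the vendor.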