The Anna Kournikova Virus

Posted: Tue Feb 13, 2001 1:49 pm
by Tony-San
For those of you who received a virus yesterday but were disappointed you didn't get to see the picture:

[Image]

This thing has really spread like wildfire! No wonder!


[This message has been edited by Tony-San (edited February 13, 2001).]

Posted: Tue Feb 13, 2001 2:03 pm
by gmattson
Apparently Gary Khoury's computer became affected! Does this mean he clicked on the attachment to see that picture?

Anyway, I was sent at least 15 emails from Gary's machine with the virus message. But there were NO attachments!

Truth be told, I probably would have clicked on it, seeing that Gary sent it!

Normally, these viruses come with a message "topic" only and no words in the message box. I never open up those attachments and always send them back to the sender, asking them if they sent it to me. . . otherwise notifying them that their computer has a virus.

I've alerted a couple of people in this manner.

But back to Gary's message: Did my ZoneAlarm delete the attachment or did my higher security settings do the job?

Oh yeah, for those of you considering DSL... Mine is down again, for the third time in 2 weeks. Generally it stays down for 8 - 24 hours at a time!



------------------
GEM

Posted: Tue Feb 13, 2001 2:16 pm
by Tony-San
I noticed that too, George. I got the same thing from Hotmail though, a known virus email with no attachment. My guess is it was stripped by the server. Mailsafe will do the same thing.

I got 4 viruses total yesterday, 2 of which were trojans. Unbelievable! One of these trojans was undetectable. I did 2 online scans with AvX.com and PC-Cillin and neither picked this trojan up. I had to forward it to InoculateIT. Apparently, it's a new variant of the sub-seven. Maybe it's a high tech trojan sent to me by the government.

Posted: Wed Feb 14, 2001 1:59 pm
by Allen M.
Further info on how to get rid of it for those who are just tuning in...


This self-propagating virus is infecting PCs that run Microsoft Windows Outlook. Follow the instructions below to remove the infected e-mails from your computer.

What You Need To Do: Do NOT open e-mails from UNKNOWN sources with the following subject lines: "Here you go, Image)" "Here you have, ;o)" "Here you are, Image"

To permanently delete the message, highlight the message in your inbox, then press SHIFT and DELETE at the same time. (OUTLOOK only)

VBS/SST.Worm is a Visual Basic Script worm that spreads via e-mail by using the Microsoft Outlook application. Computer Associates has received many infection reports from clients in the USA and the UK.

The virus arrives attached to an e-mail message that has the Subject line:

"Here you have, ;o)"

The message body contains the following text:

"Hi: Check This!"

The attachment to the e-mail message is a Visual Basic Script file named:

"AnnaKournikova.jpg.vbs".

When the attached program (the worm code) is executed, SST copies itself to the Windows directory. Then it creates its infection mark by adding the following registry key:

"HKCU\software\OnTheFly\Worm made with Vbswg 1.50b"

As a payload, on the 26th of January [date already past, right?], it will launch a browser session to point to http ://www.dynabyte.nl.

The worm then proceeds to send itself out to all addresses found in all Outlook Address Lists. A registry key will be created so the mass mailing payload will not be triggered again:

"HKCU\software\OnTheFly\mailed", value set to 1.

IPE signature update 1139 includes detection for VBS/SST.Worm.

The Inoculan update file can be obtained at the following URL:
http://antivirus.ca.com/cgi-bin/ipe/update.cgi



------------------
Allen Moulton from Uechi-ryu Etcetera

Posted: Wed Feb 14, 2001 2:29 pm
by Tony-San
Allen,

You use InoculateIT? That's a good scanner. Can't beat the price either.

Posted: Wed Feb 14, 2001 2:55 pm
by Allen M.
Wearing the professional hat of entomological firefighting helps.

------------------
Allen Moulton from Uechi-ryu Etcetera

Posted: Wed Feb 14, 2001 6:14 pm
by Tony-San
One of the reasons why Anti Virus companies give you the various Subject Headers is so that you can plug them into your filters and never even see the mail. It will go right into the trash can.
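
Added example (not part of any post in this thread): a mail-filter check built from the indicators quoted above, namely the advisory's subject lines and the `AnnaKournikova.jpg.vbs` double extension. It also flags the case mentioned earlier in the thread, where the mail arrives with the attachment already stripped. The extension lists, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject prefixes from the advisory quoted in this thread. Only the prefix is
# matched because the emoticon tail of two subjects is lost on the page.
SUBJECT_PREFIXES = ("here you have,", "here you go,", "here you are,")
# Assumed lists: the thread names only .jpg.vbs; the others are common
# Windows script-host and decoy extensions.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}

def double_extension(filename):
    """Return (decoy, real) for names like picture.jpg.vbs, else None."""
    parts = filename.strip().rstrip(". ").lower().rsplit(".", 2)
    if len(parts) == 3:
        decoy, real = "." + parts[1], "." + parts[2]
        if decoy in DECOY_EXTS and real in SCRIPT_EXTS:
            return decoy, real
    return None

def inspect_message(raw):
    """Return the list of reasons a raw RFC 822 message should be quarantined."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject.startswith(SUBJECT_PREFIXES):
        reasons.append("subject")
    for part in msg.walk():  # walk() also reaches nested and inline parts
        name = part.get_filename()
        if name and double_extension(name):
            reasons.append("double-extension:" + name)
    return reasons

def build_sample(subject, attachment_name=None):
    """Constructed test mail; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Hi: Check This!")
    if attachment_name:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    for subj, att in [("Here you have, ;o)", "AnnaKournikova.jpg.vbs"),
                      ("Here you have, ;o)", None),   # attachment stripped upstream
                      ("Class schedule", "holiday.jpg")]:
        print(subj, att, inspect_message(build_sample(subj, att)))
```

Matching on the attachment name catches renamed subjects, while the subject match catches mail whose attachment a server has already removed.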

Posted: Wed Feb 14, 2001 7:54 pm
by Allen M.
Two things, Tony. 1) They caught the guy, and 2) That's not the picture CNN is showing...

Here is a quote from cnn.com news flash:

quote:

Although it was OnTheFly who started the virus, his letter claims that he does not actually know how to programme a computer.

Instead he used a "virus toolkit" known as a Visual Basic Worm Generator to create the virus.

"It's horrifying," says Hypponen. "Someone who doesn't know how to programme can produce a virus that infects hundreds of thousands of computers.

------------------
Allen Moulton from Uechi-ryu Etcetera