This a sick part of the world I live in so here is is the drill:
All of these are messages dealing with mass-mailing worms. typical examples are:
W32.dumaru.x
W32.Sobig.X@mm
Where X is a letter indicating a revision (For those of you in IT, there is revision control on Viruses!)
Good information can be found at
WWW.SARC.COM
What these attacks do is exploit a weakness in the 32bit operating systems by Microsoft. In particular the take advantage of the Outlook address book to replicate themselves.
Essentially what they do is hit a unprotected PC and if the vulnerability exists, browse the local adddress book for addresses and then use a self contained mail engine re-broadcast itself There are literally dozens of variants, all of which generate a different subject line and body text. For those of you who got your complimentary 500 warnings from Microsoft about patching your PC that was an example of the virus.
Side Note: Under no circumstances will Microsoft ever send by mail any security warning as part of a mass mail. I get them from Microsoft, however I also pay $110,000 a year for the priviledge.
Essentially this means someone you all have corresponded with in the past is infected.
Different variants may or may not have a payload that is harmful beyond the replication. Those that do, tend to have either Trojan Horses, which grant inside-out access to your PC, or are part of Denial of Service attacks, where your machine, on a specific date will begin, hopefully on the virus writer's part, to relentlessly try to contact a victim, often Microsoft. The goal is to overwhelm their inbound servers and thus deny them access to the internet.
So, what should you do?
1) Visit the windows update site and make sure your PC has all critical security patches in place. This is free and easy - You guys are rocket scientists, you got no excuse here.
2) Have a working and updated antivirus client
3) Practice safe computing - If you are not sure about the legitimacy of an e-mail, delete it. Never open an attachment you are unsure of. It only takes a moment to pop a note to a "friend" who sent you something to check the validity. Also keep in mind, any file with an atttachment of .SCR, .EXE, or .ZIP are most likely carriers.
One note to allay worries - just opening an e-mail triggers no known threats, only opening and thereby executing, the attachment will cause trouble.
I do have a long range plan that involves catching one of the authors, inserting a N2000 motor (wrapped in 60 grit sandpaper to ensure retention) and using them as a modroc at LDRS
I hope this has been helpful.
Please, do not use this as a springboard for "Nyahh Nyahh - I have a MAC, and this does not affect me" postings.
Al
