Posts posted by martymas
-
-
hi team
another bagel virus is on the loose out there.
it is raging in the south pacific.
but doesn't mention that in this newsletter.
however wherever it is.
take plenty of precautions.
marty
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm
Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Return of BAGLE – WORM_BAGLE.AZ (Medium Risk)
3. Top 10 Most Prevalent Global Malware
4. Submit your Spam & Suspicious Files for Analysis
5. Webinar: Protect your Growing Business from Viruses and Malicious Code
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.
************************************************************************
1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.375.00
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VR
SCAN ENGINE: 7.500
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VS
2. Return of BAGLE – WORM_BAGLE.AZ (Medium Risk)
------------------------------------------------------------------------
WORM_BAGLE.AZ is another variant in the BAGLE family. This worm arrives as an email attachment, and once executed, it sends copies of itself to all email addresses it gathers from files with certain extensions, and skips those addresses that contain particular strings. The email it sends is spoofed, and may appear to have come from a familiar email address. The worm drops a copy of itself into the Windows system folder, and looks for folders that have the string "shar", then drops copies of itself using file names with .EXE extensions (it assumes that these folders are shared). In addition, this worm displays various icons and terminates several processes, most of which are related to antivirus and security programs. This worm ceases to perform most of its malicious routines on April 25, 2006 or later. It is currently spreading in-the-wild and infecting computers running Windows 95, 98, ME, 2000, and XP.
Upon execution, this worm drops a copy of itself using the following file names into the Windows system folder:
sysformat.exe
sysformat.exeopen
sysformat.exeopenopen
It then creates two registry entries. One registry entry allows it to execute at every Windows startup. By adding this entry, it enters an infinite loop in 100-millisecond intervals. As a result, this worm can never be deleted as long as it is in memory. The second registry entry is used to determine how long it has executed on a system. If this registry entry indicates that it is 25 days from its first execution, this worm uninstalls itself from the system. It also uninstalls itself when the system date is April 25, 2006 or later.
It looks for folders that have the string "shar" and drops copies of itself using the following file names:
1.exe
2.exe
3.exe
4.exe
5.scr
6.exe
7.exe
8.exe
9.exe
10.exe
Ahead Nero 7.exe
Windown Longhorn Beta Leak.exe
Opera 8 New!.exe
XXX hardcore images.exe
WinAmp 6 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
Adobe Photoshop 9 full.exe
Matrix 3 Revolution English Subtitles.exe
ACDSee 9.exe
This worm attempts to propagate via email using its own Simple Mail Transfer Protocol (SMTP) engine. It searches for email addresses with certain extensions.
View the full list of extensions at: http://www.trendmicro.com/vinfo/virusencyc...LE%2EAZ&VSect=T.
It sends email with the following details:
Subject: (any of the following)
Delivery service mail
Delivery by mail
Registration is accepted
Is delivered mail
You are made active
Message body: (any of the following)
Thanks for use of our software.
Before use read the help
Attachments: (any of the following file names)
guupd02
Jol03
siupd02
upd02
viupd02
wsd01
zupd02
(with any of the following extensions)
COM
CPL
EXE
SCR
The worm skips email addresses that contain certain strings. It terminates specific processes, mostly related to antivirus and security programs. It also attempts to connect to, and download files from, certain Web sites. For the complete list of strings, processes and Web sites, visit http://www.trendmicro.com/vinfo/virusencyc...LE%2EAZ&VSect=T.
Several registry entries associated with WORM_NETSKY variants are also deleted, and mutexes are created to prevent NETSKY variants from running on the systems already infected with this BAGLE worm.
This worm opens a port and listens for commands coming from a remote malicious user. It executes these commands on an infected system, providing the remote malicious user virtual control over the system.
If you would like to scan your computer for WORM_BAGLE.AZ or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VT
WORM_BAGLE.AZ is detected and cleaned by Trend Micro pattern file #2.375.00 and above.
For additional information about WORM_BAGLE.AZ please visit:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VU
3. Top 10 Most Prevalent Global Malware
(from January 21 to January 27, 2005)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. WORM_NETSKY.D
5. SPYW_GATOR.D
6. WORM_NETSKY.B
7. WORM_NETSKY.C
8. DOS_AGOBOT.GEN
9. SPYW_GATOR.C
10. TROJ_ISTBAR.GM
4. Submit your Spam & Suspicious Files for Analysis
------------------------------------------------------------------------
Found a file on your computer, with a strange name, and it's not detected as malware? Tired of getting spam email? Send it to us, for our engineers to analyze.
Submit your spam for analysis:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VW
Submit a suspicious file or undetected virus for analysis:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VY
5. Webinar: Protect your Growing Business from Viruses and Malicious Code
------------------------------------------------------------------------
Please join in on February 8 from 11:00 a.m. - noon (Pacific Time), for a stimulating presentation on how Trend Micro, HP, and Microsoft are working together to address the Small and Medium Business (SMB) Infrastructure and Internet security needs.
Presenters include:
Bala Venkat, Sr. Product Marketing Manager (SMB segment), Trend Micro
Harry Brelsford, Founder, SMB Nation
Marc Semadeni, Global Product Marketing Manager, Hewlett-Packard
During this presentation, you’ll learn about:
-Trend Micro SMB security offerings, and how they can protect your business from threats of viruses, and spam
-The unique Trend Micro SMB value proposition and key competitive differentiators
-Trend Micro SMB programs
-Extending Microsoft Small Business Server 2003 (SBS) with Trend Micro Client/Server/Messaging Suite for SMB (CSM for SMB)
-CSM for SMB features that work nicely with SBS 2003 server
-The turnkey solution – HP ProLiant server with Microsoft SBS 2003 and Trend Micro CSM for SMB as the fastest, easiest, most reliable and least expensive solution on a trusted, industry-standard server platform
Register online at:
https://trendmicro.webex.com/trendmicro/myw...961531197605092
********************************************************************************
***
______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact .
To unsubscribe from Trend Micro's Newsletters Editor:
http://trendnewsletter.rsc03.net/servlet/o...RFpgLmDgLmDgSE0
To update your subscription preference, or to change your email address:
http://trendnewsletter.rsc03.net/servlet/w...pkNlyLihkm_U_VB
To view our permission marketing policy:
Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA
95014
-
hey team i enjoyed those titbits
i've sent them on to a friend.
bit of a change from the norm
good one
marty
-
ok team
success this time i've installed firefox three times so far in this install. is a bit better.
after reading the tutorials from cowsgonemad and hand plane.
it seems to have gone better. i still need to get to grips with this home page thing.
but i'm getting better at it.
i installed firefox on my p3.
so i have plenty of sources for me to play with.
later i intend to install a quick browser on the p2
because it has less resources.
i need a small quick browser.
but that is in the future.
however thanks for everyone's input.
but i'll be back
again thanks
marty
-
yes i have some chinese friends who are here as students .
and microsoft is selling win 95 and 98 for the equivalent of $10 dollars
and i thought they had given up on these two sys's
my greed has become a respectable word now.
marty
-
hi team look what i found.
don't know how many it affects.
but it is rampant in places like china
Microsoft To Begin Blocking Fake Windows Users From Downloads
Jan. 26 (Bloomberg) -- Microsoft Corp., the world's largest software maker, said it will fight piracy by requiring some customers to verify they have a legitimate copy of the Windows operating system in order to download some company programs.
Customers using Czech, Norwegian and Chinese versions of Windows won't be able to use a Microsoft download Web site next month unless they have a valid copy of Windows, said David Lazar, Director for Genuine Windows. Microsoft in February also will expand a voluntary program that rewards customers who verify their Windows by giving them free software and discounts.
Microsoft is trying to fight worldwide software piracy that cost the industry almost $29 billion in 2003, according to a study by the Business Software Alliance. The company hopes free software will convince customers of the value of real Windows, while not being able to download deters would-be pirates.
``This is really a carrot-and-stick approach,'' said Michael Cherry, an analyst at Kirkland, Washington-based market research firm Directions on Microsoft.
The voluntary program, which Microsoft began testing with its English Windows customers in September, consists of an offer on Microsoft's Download Center Web site for free and discounted software in exchange for checking if a user's Windows is real. The Web site performs the check.
Microsoft expanded the program, called Windows Genuine Advantage, in October to include Czech and Norwegian language versions, as well as simplified Chinese, used in the People's Republic of China, and traditional Chinese.
More Languages
As of Feb. 7, Genuine Advantage will be available in 25 languages. Participation will be voluntary for those downloading software, except for the Czech, Norwegian and simplified Chinese versions. Microsoft plans to make verification mandatory in more versions in the future, Lazar said.
Microsoft also will sell Windows at reduced prices to customers in Norway, the Czech Republic and China who claim to have purchased a fake version of Windows XP.
China has the highest software piracy rate in the world at 92 percent, according to the Business Software Alliance, a trade group funded by companies including Microsoft. Norway and the Czech Republic are among the 20 countries with the lowest piracy rates, at 32 percent and 40 percent, respectively.
The U.S. has the lowest piracy rate at 22 percent. Because the U.S. is the biggest PC market, its piracy cost the software industry $6.4 billion in 2003, or 70 percent more than China.
Around midyear, Microsoft plans to require all users of its Download Center and Microsoft's Windows Update site, which rolls out security fixes and additions to Windows, to check that their Windows is legitimate, Lazar said.
Customers will still be able to get security fixes and other ``critical'' updates without the check, he said. Less important updates, such as software to enable a new printer or digital camera to work with Windows, will require customers to verify their Windows, he said.
To contact the reporter on this story:
Dina Bass in Seattle at [email protected].
To contact the editor responsible for this story:
Emma Moody at emoody@bloomberg.
marty
-
hi team well i have egg on my face .
and i feel i didn't take too much notice and also goes to show how
firefox ignorant i am.
i typed mozilla in the search box and it showed the mozilla browsers.
so i pressed install on the first one i saw
then went to make a cuppa and do some chores.
and guess what i'm installing mozilla thunderbird.
but i couldn't stop the install. so i went on with it.
now i found thunderbird hasn't got google. which suits me.
but this version i had on some time ago.
however i'll persevere with it.
for a wee while.
god i feel embarrassed. after posting in for advice i get the wrong browser.
is this old age memory. they are even spelt different.
maybe i've been with windows too long.
hi earnaldo.
haven't heard from you for some time.
sorry bout that guys
marty
-
ok team i've got it on and learning.
i've played around with the customise.
and i think i have the rudiments of it but have a long way to go.
i have to get round this google thing .
it seems firefox is an off shoot of google .
google is every where on the thing .
where the hell is mozilla or fire fox.
now this home page thing where do i go to make firefox my home page and leave google in the rubbish bin .
hey guys sorry for whining .
but windows has spoilt me.
has netscape got an operating sys or is it a browser.
i used to have it as a sys once but that was so long ago.
i think they develop browsers instead of sys.
ok better go to bed. so i can have a fresh mind tomorrow.
thanks team hope to get back again.
marty
-
hey thanks team
this is my third go .
but after reading the tutorial from handplane.
it may not be so complicated.
however i'll be back for more info
again thanks ;
marty
-
hey team look what i found bill mallinson.
alert
look here i haven't scanned it for rubbish tho it has come from a trusted person
at world start.
i can't seem to get my scanner working properly.
marty
remember this little guy chris perrillo
so if you go in here scan it first.
i've been and everything is ok at the moment.
lm
-
hi team recently i installed a new modem.
which happened to be linux compatible.
when i installed it windows wanted me to have it verified by microsoft. i didn't want this as i intend to dual boot with linux.
well it wouldn't let me on line. i spent hours and hours trying to get on line and it was saying wrong user name and password, which i've used for years.
well i hunted for reasons until i went to internet options - connections - settings networking - properties
and for curiosity i checked client for microsoft.
and i was on at once.
does this make you think who is controlling who.
has anyone else had this happen to them.
i'm determined not to let microsoft control my modem. all that time and all i had to do was check a box
p----es me off
marty
-
hi team here is another alert from bill mallenison.
from world start. i saw this somewhere else.
but it wouldn't hurt to post it again you can't be warned enough when it comes to
scams and rubbish
marty
A mass e-mail posing as a plea for aid to help the victims of last month's Asian tsunami disaster is actually a vehicle for spreading a computer virus, Web security firm Sophos said Monday.
The worm appears with the subject line: "Tsunami donation! Please help!" and invites recipients to open an attachment called "tsunami.exe" -- which, if opened, will forward the virus to other Internet users.
It could also initiate a denial-of-service attack against a German hacking Web Site, Sophos said, in which the site's server would be bombarded with messages, putting it out of action.
HEY TEAM THESE ALERTS ARE NEVER GOING TO END
marty
"Duping innocent users into believing that they may be helping the tsunami disaster aid efforts shows hackers stooping to a new low," Sophos senior technology consultant Graham Cluley said in a statement.
Sophos added that it had so far only received a small number of reports of the worm, which it said was not the first to try to take advantage of the Indian Ocean catastrophe in order to spread.
Another worm earlier this month propagated the message that the tsunami was God's revenge on "people who did bad on earth."
And there have been a number of mass emails sent out in an attempt to steal money, many of them versions of the so-called Nigerian Letter scam, to which readers are invited to reply with their details, apparently in order to help transfer large sums of money and receive a cut themselves.
One appears to be from a wealthy Thai merchant suffering from a fatal disease who has lost his family in the tsunami disaster and needs someone to collect millions of U.S. dollars from a European security firm to distribute it to charities.
"I need a God-fearing and trustworthy person that will be able to travel to Europe, to collect this deposit from the security company," the mail reads.
Sophos recommends recipients delete the mails and do not open the attachments.
Thanks
Bill
-
i hope you don't mind me coming onto this thread.
i've just downloaded firefox and in another thread i asked how i get rid of this monster google.
but thankfully Digidave
has answered my Q thanks to both of you.
marty
-
ok guys i botched up the first install.
i was getting these error pages .
and can't find the server.
however i reinstalled on my p2
that way if i make a mistake i won't lose my data.
i do have one query how the hell do i get rid of this google home page i've always regarded it as an overrated blown up hunk of nothing.
in all the years i've had a compt i've always used msn search bar.
for all i need when i first got google some years ago it was full of spyware and when i emailed them they said it had to be paid for. so i've never been there since.
now their greed has set in and they feature on the stock market.
my Q how do i get rid of this monster
otherwise i'm satisfied with what i can see so far
it is a bit complicated for me at the moment .
but with your help i hope to keep it on
thanks guys
marty
-
hi team it seems firefox.
so i will try it but i will need your advice .
i had it on once but that was a long time ago .
if i recall it was another name then.
however i'll get back. i hope you guys don't mind.
marty
-
hi team i like to commend the directors of this board for bringing new forums to this board.
i refer to the tutorials forum.
for mugs like me this is great.
in all the years i've been posting to boards this is only the second time i've encountered it when at techtv a poster called Jokers had a web site
it started out as a help board but jokers turned it into a website.
at the time i needed all the help i could.
what i like about the idea it encourages people to help themselves and depends less on the posters. so thumbs up to tutorials
but haven't seen it since. so to beluga. you've made this board
a learning curve.
marty
-
hi ghorjus.
my bios is
Bios Award Modular bios 51pg.
i haven't a clue what this means.
i've searched all through the p3 bios for an option but can't find anything.
the p2 is straightforward.
a friend said to be able to put this option in a p3 you need to change
a jumper pin, but that's beyond me.
in the p2 i can turn my screen on and it goes from welcome screen to
my desktop. not as quick as that of course. but faster than it was.
if i need to see that boot up screen i can always go in and turn it on again.
to think when we were at techtv i wouldn't have thought of these sort of ways to toggle my compt. i like to think i've come a little way since then.
as a side note can you recommend another browser.
i've tried k-meleon and slim browser but they clutter up your tool bar.
that's why i like IE not complicated.
when the end result is the same. i've tried fire fox
but when i reinstalled i didn't bother again
any ideas.
take care my friend
marty
-
hi team i've decided to try another browser.
k-meleon. slim browser. i'm not that shook on these two. but i know they are fast and k-meleon has a new version.
any suggestions or links.
thanks marty
-
hi chappy welcome. the advantage you have you know so much about compts
that it won't be any problem to you
god i'd love to have your knowledge.
but you do pass it on to us mugs.
as a side note, you are canadian aren't you. well
next year the world indigenous diabetes conference is held in Edmonton.
i'm not even sure if you spell it like that. however i'm part of that contingent
and i'm looking forward to it.
so any info about edmonton would be welcome.
you take care my friend.
linux sent me 10 disks of an OS CALLED UBUNTU.
and it is free they will post it to you.
i haven't got to grips with it yet.
but if you want these install disks i will post it to you.
lm
i have email address i can contact in canada
lm
marty
-
hi ghorjus
i can't answer your Q i just wanted to say hi.
what about the help files is there anything there
marty
-
hi team
how do i stop the black display screen in a p3 or higher from booting and displaying your configurations
in a p2 you can set the display to silent in the bios.
and that black display doesn't show up
any ideas.
curiosity is the reason.
im posting.
marty
-
hi team bill mallinesan emailed this to me from world start.
so be careful out there .
marty
-
yow shadow thats cool
marty
-
hey thanks guys for your input. it actually blew me when i found this email.
not related to this board and someone trying to tell me what security to use
at first i was a bit chuffed. but now i've read your replies i understand.
i went straight to my isp and changed my email address.
not knowing how to hide the one i use here.
which i didn't need to do.
i hate anyone spamming me.
me email should be private .
but i can go in now and change the options .
i appreciate all the posts.
marty
-
To read an HTML version of this newsletter, go to:
haven't read the board so i'm not sure if it has been posted yet. we can never be too careful
marty
http://www.trendmicro.com/en/security/report/overview.htm
Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Tsunami Worm – WORM_ZAR.A (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Submit your Spam & Suspicious Files for Analysis
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.
************************************************************************
1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.363.00
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VR
SCAN ENGINE: 7.500
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VS
2. Tsunami Worm – WORM_ZAR.A (Low Risk)
------------------------------------------------------------------------
WORM_ZAR.A is a mass-mailing worm that uses its own Messaging Application Programming Interface (MAPI) engine to propagate. It gathers email addresses from Microsoft Outlook, and sends itself as an attachment. It runs on all Windows platforms (95, 98, ME, NT, 2000, and XP), and is currently spreading in-the-wild.
This mass-mailing worm drops the following files in the Windows folder:
crssr.exe
raz32.exe
tsunami.exe
It then creates a registry entry to ensure that it automatically executes at every Windows startup.
The worm propagates via email using MAPI. It gathers recipient addresses from Microsoft Outlook, and sends a copy of itself as an attachment. The email it sends contains the following details:
Subject:
Tsunami Donation! Please help!
Body:
Please help us with your donation and view the attachment below! We need you!
Attachment:
tsunami.exe
This worm also attempts to perform a distributed denial of service attack (DDoS).
If you would like to scan your computer for WORM_ZAR.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VT
WORM_ZAR.A is detected and cleaned by Trend Micro pattern file #2.359.00 and above.
For additional information about WORM_ZAR.A please visit:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VU
3. Top 10 Most Prevalent Global Malware
(from January 14 to January 20, 2005)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. EXPL_DHTML.GEN
5. WORM_NETSKY.D
6. SPYW_GATOR.D
7. SPYW_GATOR.C
8. WORM_NETSKY.B
9. SPYW_GATOR.B
10. WORM_NETSKY.C
4. Submit your Spam & Suspicious Files for Analysis
------------------------------------------------------------------------
Found a file on your computer, with a strange name, and it's not detected as malware? Tired of getting spam email? Send it to us, for our engineers to analyze.
Submit your spam for analysis:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VW
Submit a suspicious file or undetected virus for analysis:
http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VY
********************************************************************************
***
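The e-mail indicators that the two Trend Micro newsletters quoted above list for WORM_BAGLE.AZ and WORM_ZAR.A (subjects, message bodies, attachment names and extensions), turned into a mail-gateway triage check. This is an added example, not part of the original posts and not Trend Micro's code; the `triage` policy, the `RISKY_EXTS` fallback rule and the sample messages built by `build_sample` are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators transcribed from the two newsletters quoted above, lower-cased.
SIGNATURES = {
    "WORM_BAGLE.AZ": {
        "subjects": {"delivery service mail", "delivery by mail",
                     "registration is accepted", "is delivered mail",
                     "you are made active"},
        "bodies": {"thanks for use of our software.",
                   "before use read the help"},
        "stems": {"guupd02", "jol03", "siupd02", "upd02",
                  "viupd02", "wsd01", "zupd02"},
        "exts": {"com", "cpl", "exe", "scr"},
    },
    "WORM_ZAR.A": {
        "subjects": {"tsunami donation! please help!"},
        "bodies": {"please help us with your donation and view the "
                   "attachment below! we need you!"},
        "stems": {"tsunami"},
        "exts": {"exe"},
    },
}
# Assumption (policy added here, not from the newsletters): any attachment
# with an extension either report lists is treated as executable content,
# because file names change from variant to variant.
RISKY_EXTS = {"com", "cpl", "exe", "scr"}


def _norm(text):
    """Collapse whitespace and lower-case so re-wrapped mail still matches."""
    return re.sub(r"\s+", " ", str(text or "")).strip().lower()


def _split_name(filename):
    """Return (stem, last extension); 'a.pdf.exe' -> ('a.pdf', 'exe')."""
    stem, dot, ext = _norm(filename).rpartition(".")
    return (stem, ext) if dot else (ext, "")


def triage(raw_bytes):
    """Classify one raw message as (action, family_or_None)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    subject = _norm(msg["subject"])
    part = msg.get_body(preferencelist=("plain",))
    body = _norm(part.get_content()) if part is not None else ""
    names = [_split_name(a.get_filename())
             for a in msg.iter_attachments() if a.get_filename()]

    for family, sig in SIGNATURES.items():
        named = any(s in sig["stems"] and e in sig["exts"] for s, e in names)
        text = (subject in sig["subjects"]
                or any(b in body for b in sig["bodies"]))
        # The From header is ignored: the report says senders are spoofed.
        # A listed attachment name plus listed subject or body is required.
        if named and text:
            return ("quarantine", family)
    if any(e in RISKY_EXTS for _, e in names):
        return ("block-executable", None)
    return ("deliver", None)


def build_sample(subject, body, attach_name=None):
    """Build a constructed message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if attach_name:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attach_name)
    return m.as_bytes()


if __name__ == "__main__":
    for args in [("Delivery by mail", "Before use read the help", "viupd02.cpl"),
                 ("holiday pictures", "see attached", "photos.pdf.scr"),
                 ("Delivery by mail", "Your parcel arrives Tuesday", "label.pdf")]:
        print(args[2], "->", triage(build_sample(*args)))
```

A listed subject on its own is delivered, since phrases such as "Delivery by mail" also occur in ordinary mail; the extension rule is what catches a renamed copy.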
Piracy
in On The Web
Posted
i'm afraid i have to agree with bearskin.
but what alternative does the ordinary user have
win is easy to use and very user friendly .
my grand daughter who is ten can operate it .
that is why there is 60.000.000.
known users .
this has been an age old argument.
i have .
mandrake 10.
mandrake 9.1.
lycoris.
and now ubuntu
and can't use them because nowhere has linux given easy access to configuring
the modem.
and without being on line.
what the hell is the use of an os .
if you cant get on line.
dial up users.
have the biggest problem.
to be able to configure the modem.
it has to be done through the console to extract the driver .
but how many run of the mill users know these commands.
i tried to get info from the linux forum on this board .
but i was treated as an ignorant.
get to know your os .
so i gave up.
that is why most people use win.
not every one is an expert.
i think only the exclusive few can use it .
i read the history of linux and the developers started out with that idea
of making it exclusive. to be used by the experts.
and i'm afraid i'm no expert.
so i have to go back and use winxp whether i like it or not.
and there are millions like me .
marty