Internet Gateway Virus Alerts:

NEW STRAIN OF THE LOVE BUG VIRUS
A new strain of the Love Bug Virus is on the
loose. This new virus is more dangerous than the last because
the subject changes each time the email is sent. For full details
see www.mcafee.com.
Love Bug Virus Update 5/10/00
We are continuing to monitor this virus and
are doing what we can to stop it from coming through our system.
Because of the way the virus has mutated with the different subjects
and such, we can't block them all. We therefore strongly suggest that
you make sure your anti-virus software is kept up to date. For the latest information on this
virus check out www.mcafee.com.
Keith
New Virus On The Loose 5/4/00
A new virus has hit hard today (Thursday, May 4th). East Coast and Central
Time Zones are in full swing with it, Mountain and Pacific still have some
time to watch for it before it hits full-force.
Do Not Open Emails With The Subject "ILOVEYOU"
Delete the message.
It contains an attachment in Visual Basic that will remail itself to all of
your contacts. Unlike the previous versions, this one will not stop at the
first 50 or 100, but will go to your entire contact and mail list.
See http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html
That site is nearly unreachable due to traffic, so here is the text:
VBS.LoveLetter.A

This is an email worm, mIRC worm, and file infector.

Also known as:
Category: Worm
Infection length: 10307
Virus definitions: Pending

Threat assessment:
Damage: High
Distribution: High
Wildness: High

Wild
Number of infections: More than 1000
Number of sites: More than 10
Geographic distribution: High
Threat containment: Moderate
Removal: Moderate

Damage
Payload:
Large scale e-mailing: All the addresses in Microsoft Outlook address book
Degrades performance: May clog mail servers

Distribution
Subject of e-mail: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
Size of attachment: 10307

Technical description:
This is a preliminary writeup. The information contained within is to provide as much information as possible at this time.

VBS.LoveLetter.A is an email worm, mIRC worm, and a file infector. VBS.LoveLetter.A will use Microsoft Outlook and email itself out as an attachment with the above subject line and attachment name. The body of the message will be
"kindly check the attached LOVELETTER coming from me."

The virus will also infect files with the following extensions: vbs, vbe, js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, and mp2

The virus will drop the following files:
MSKernel32.vbs in the Windows System directory
Win32DLL.vbs in the Windows directory
LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory
WinFAT32.EXE in the Internet download directory
WIN-BUGSFIX.EXE in the Internet download directory
script.ini in the mIRC directory

SARC recommends Administrators filter on the attachment name and Subject line immediately.

This writeup will be verified and formalized within the hour.

Removal:
Delete found infected files.

Write-up by: Eric Chien
Updated: May 4, 2000
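The writeup recommends filtering on the subject and attachment name, and the later alerts above note that variants change the subject so those filters cannot catch them all. The following gateway-side check is an added example, not code from Symantec or Internet Gateway: it matches the exact indicators from the writeup and, as a second rule, flags any attachment whose final extension is on an assumed blocklist of executable types. The function names, the blocklist and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment types Windows will execute on double-click (assumed blocklist).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct", ".hta", ".exe"}
KNOWN_SUBJECTS = {"iloveyou"}                         # from the writeup
KNOWN_ATTACHMENTS = {"love-letter-for-you.txt.vbs"}   # from the writeup


def verdict(raw):
    """Classify one raw RFC 822 message; returns (action, reason)."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    names = [(part.get_filename() or "").strip().lower()
             for part in msg.iter_attachments()]
    # Rule 1: the exact indicators. A variant with a new subject slips past.
    if subject in KNOWN_SUBJECTS or any(n in KNOWN_ATTACHMENTS for n in names):
        return ("block", "known indicator")
    # Rule 2: judge the attachment by the extension Windows will act on,
    # which is the LAST one; "x.TXT.vbs" is a script, not a text file.
    for name in names:
        stem, dot, ext = name.rpartition(".")
        if dot and "." + ext in SCRIPT_EXTS:
            return ("block", "double extension" if "." in stem else "script attachment")
    return ("pass", "no match")


def build(subject, filename=None):
    """Construct a sample message (test data only, harmless placeholder bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("see attachment")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, name in [("ILOVEYOU", "LOVE-LETTER-FOR-YOU.TXT.vbs"),
                       ("Meeting notes", "NOTES-FOR-YOU.TXT.vbs"),  # constructed variant
                       ("Minutes", "minutes.txt"), ("Hello", None)]:
        print(subj, name, verdict(build(subj, name)))
```
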
New Virus Recently Released 06/12/99
Ahh; life just wouldn't be the same without computer viruses, and to keep that
merry spirit alive, unidentified malicious coders have just created a new one that is
rapidly spreading across the Net. This new virus is the EZ worm, or the ExploreZip worm,
and only affects Win95/98 users. This worm utilizes Microsoft Outlook, Outlook Express,
and Exchange to do its dirty work. The virus is sent as an executable attached to letters
that are replies from infected machines. The message says something like: "Hi! I got your
email, and I will reply ASAP. Until then take a look at the zipped documents." Upon running
the exe, it infects the machine, searches all local and networked drives for files of the
following extensions .h, .c, .cpp, .asm, .doc, .ppt, or .xls, and deletes all such files.
The virus also adds itself into the win.ini files, and attaches itself as a reply to all
new emails in your inbox, then mails itself out as shown above. If you believe you are
infected with this virus, Symantec.com has released
information for a fix for the virus located here. Thanks.
Happy99 Worm Going Through Email and Newsgroups
A few of you have received emails with an attachment named
"happy99.exe." This attachment is a worm program. First, it displays some
fireworks with the message "Happy New Year 1999" to distract the user while it
copies itself as "SKA.exe" and extracts a DLL (Dynamic Link Library) named
"SKA.dll" into the /Windows/System directory. It also modifies the
"WSOCK32.dll" file and copies the original file as "WSOCK.SKA".
WSOCK32.dll is part of your WinSock program, and it handles internet connectivity in Windows
95/98. The worm is programmed to send/post a new article/message of itself to someone else from
you while you are online with the Happy99.exe file as an attachment. For information on
removing the worm, visit the symantec.com website's article on Happy99. Thanks.
Patches For Microsoft Products
Some of you may have read about the recent security holes in some
Microsoft Products that were listed in an article inside of the Austin American Statesman. Microsoft has released some
patches for some of these holes. If you are interested, and would like to read about them,
or download the patches, go here.
Thanks, and as always, please send your Internet surfing and security questions to Garret Van Burace
Back Orifice
We here at Internet Gateway, Inc. have found that a nasty
"virus" named the "Back Orifice (BO)" is going around through emails,
file transfers, downloads, and online greeting cards. The Back Orifice Program allows
someone complete, nearly undetectable control of any infected computer running Windows
95/98. Computers running on any other OS (Windows NT, Macintosh, etc.) are NOT vulnerable
to this virus. ONLY Windows 95 and Windows 98 systems can be infected and controlled. We
have tested this program out at the office, and it works like a charm.
The program operates somewhat like this: you run an application that
is infected with the BO "server", the server installs itself in your computer
(default is C:\Windows\System\ .exe) and then deletes itself from the program you
originally ran. The default name of the server is " .exe" or
"Spacebar.exe". (This can be changed, however.) Once infected, your computer can
be found through a "sweep" of pings to our server, and then your computer. The
Back Orifice Server on your system will then reply with a "pong" giving your IP
address and system name to the sweeper. From there he can gain control of your computer
and do anything you can do, and some things you can't do, including: view cached passwords
(Windows caches your passwords in an attempt to keep you from forgetting them), format
hard drives, lockup system, reboot system, view files, establish a remote keylog, and
more.
Do not panic, however: our system itself is NOT vulnerable to the
Back Orifice virus, just our end-users running on Win 9x. Furthermore, we have NOT found
anyone infected on our server yet. To get rid of the virus, you can download BO Detect
v.201 free of charge here
or here,
or you can perform a free online house call and search for ALL viruses (not just the Back
Orifice) by going here. Also, any virus
scanners/shields you have installed (Norton, McAfee, etc.) will NOT find the Back Orifice.
We have caught people sweeping our system in hopes of finding an infected computer, and let
us assure you that they were sorely disappointed as we logged their IP address, and
notified their servers. We will continue to notify the ISPs of anyone caught sweeping us
with the Back Orifice. To those of you using our service, do NOT try to sweep our users.
We monitor the ports, and we DO see the Back Orifice packets. If you're caught sweeping
us, you will hear from us pronto! Rest assured as well if we find that any of you have an
infected computer, we will notify and assist you in getting rid of BO. If you have any
questions or comments please send them to Keith
or Garret.
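The port monitoring described above, sketched as an added example that is not Internet Gateway's own tooling: it reads flow records, flags any source that probes many hosts on the Back Orifice port in a short window, and lists the hosts that answered from that port, which are the machines to notify and clean. The record format, thresholds and addresses are constructed, and UDP port 31337 is Back Orifice's default, which this page does not state.

```python
from collections import defaultdict

BO_PORT = 31337    # assumption: Back Orifice's default UDP port (not stated above)
MIN_TARGETS, WINDOW = 5, 60   # assumptions: distinct hosts probed, within seconds

# Constructed flow records: "epoch proto src sport dst dport" (documentation IPs).
SAMPLE = """\
1000 udp 203.0.113.9 4000 192.0.2.1 31337
1001 udp 203.0.113.9 4000 192.0.2.2 31337
1002 udp 203.0.113.9 4000 192.0.2.3 31337
1002 udp 192.0.2.3 31337 203.0.113.9 4000
1003 udp 203.0.113.9 4000 192.0.2.4 31337
1004 udp 203.0.113.9 4000 192.0.2.5 31337
1500 udp 198.51.100.7 5000 192.0.2.1 31337
""".splitlines()

def parse(lines):
    """Yield (ts, src, sport, dst, dport) for well-formed UDP records."""
    for line in lines:
        f = line.split()
        if len(f) == 6 and f[1] == "udp" and all(f[i].isdigit() for i in (0, 3, 5)):
            yield int(f[0]), f[2], int(f[3]), f[4], int(f[5])

def find_sweeps(lines, port=BO_PORT, min_targets=MIN_TARGETS, window=WINDOW):
    """Map each sweeping source to the hosts it probed on `port` within `window`."""
    probes = defaultdict(list)
    for ts, src, _, dst, dport in parse(lines):
        if dport == port:
            probes[src].append((ts, dst))
    sweeps = {}
    for src, events in probes.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                sweeps[src] = sorted(targets)
                break
    return sweeps

def responders(lines, sweeps, port=BO_PORT):
    """Hosts that answered a sweeper from `port`: the machines to notify and clean."""
    found = defaultdict(set)
    for _, src, sport, dst, _ in parse(lines):
        if sport == port and dst in sweeps:
            found[dst].add(src)
    return {sweeper: sorted(hosts) for sweeper, hosts in found.items()}
```
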