Another Virus Warning

**CharlesW** · 01-23-2007, 10:08 PM

Norton just sent me an e-mail about a virus "Trojan.Peacomm" that seems to be quite a threat.
One thing I wanted to point out is the reference to attachments.
"The victim is enticed through social engineering techniques to open an attachment, which typically appears to be a video clip on a recent, newsworthy event."
This is why I don`t open attachments even when I know the sender. Almost all and possibly even all viruses are contained in an attachment.
My crude reasoning is simply that if I don`t open any, I won`t open one I will regret.

Charles

**Poorboy** · 01-23-2007, 10:18 PM

Originally Posted by CharlesW

Norton just sent me an e-mail about a virus "Trojan.Peacomm" that seems to be quite a threat.
One thing I wanted to point out is the reference to attachments.
"The victim is enticed through social engineering techniques to open an attachment, which typically appears to be a video clip on a recent, newsworthy event."
This is why I don`t open attachments even when I know the sender. Almost all and possibly even all viruses are contained in an attachment.
My crude reasoning is simply that if I don`t open any, I won`t open one I will regret.

Charles

I agree

I usually don`t open attachments unless it`s from a known friend

**audiboy** · 01-23-2007, 10:27 PM

I`ll only open them from friends and only with my msn account. It has McAffe virus protection. It`s located a few viruses in the past and saved my computer.

**TiredNGrouchy** · 01-24-2007, 03:20 AM

Originally Posted by Poorboy

I agree

I usually don`t open attachments unless it`s from a known friend

You have smarter friends than I do. Mine forward all kinds of crap to me.

**Stephan** · 01-24-2007, 06:52 AM

I got the same email...I also never open anything that I don`t know who its from. Luckily for me my brand new computer decided to off itself yesterday so...I don`t have to worry about it anytime soon.

**Poorboy** · 01-24-2007, 07:57 AM

Originally Posted by TiredNGrouchy

You have smarter friends than I do. Mine forward all kinds of crap to me.

Not really

I just wait a day or two before openning just in case it crashes their computer first

**CharlesW** · 01-24-2007, 08:17 AM

Originally Posted by TiredNGrouchy

You have smarter friends than I do. Mine forward all kinds of crap to me.

Many of both my wife and my friends do the same.
About twice a year, I send them a blanket e-mail telling them that we don`t open attachments and very rarely will forward any e-mail. It doesn`t seem to make any difference. They just keep on coming.

I sometimes wonder if my dire financial straits, my poor health, the state of the economy, maybe even the gas prices are the result of all the bad things that I am told will happen if I don`t forward the message to at least 11 people in the next 6 seconds.

Actually, I knew it didn`t help after my Nigerian funds were tied up by their government just prior to my contact sending the 10 million dollars to me as promised.

Charles

**CharlesW** · 01-24-2007, 09:00 AM

On a side note.
A couple of things I do to help with the spam and virus problem:
1. The HTML.graphics are disabled in my yahoo e-mail. It is my understanding that the senders can tell if an e-mail is opened through the HTML.graphics. If they aren`t activated, the sender doesn`t know you are reading their e-mails. If you read or respond to any of them, you can be sure you will get lots more.
2. I have an address in my address list consisting of all a`s. If a virus should jump into my address list and send to all of the names there, I should get a bounce back from the aaaaa address immediately. I can`t do anything about it, but I would know something happened and could notify everyone on my address list that there might be a problem.

Many viruses are spread inadvertantly between friends. They don`t do it on purpose, it`s just there and they don`t know it.

Charles

**GearHead_1** · 01-24-2007, 09:56 AM

I have no friends, receive no email therefore I have no problem.

Life is much simpler this way.

**Beemerboy** · 01-24-2007, 10:30 AM

I work in the anti spam industry and its a real low life area of the net, spammers are trying to do one thing, take your sensitive info or infect your PC.

What I have learned over this last few weeks with these guys has really been an eye opening to me.

In some cases by just clicking on a message it will send back a conformation of that recite and IP info allowing them to use your server for spamming. You won`t even know that they are there!

I will post some links to sites on the subject today, you can read what this underground world is doing.

**Beemerboy** · 01-24-2007, 12:36 PM

By Gregg Keizer
InformationWeek

Jan 23, 2007 03:43 PM

The Trojan horse that began spreading Friday has attacked at least 1.6 million PCs, a security company said Tuesday.

In addition, it appears that Windows Vista, the new operating system Microsoft will launch next week, is vulnerable to the attack.

Originally dubbed the "Storm worm" because one of the subject heads used by its e-mail touted Europe`s recent severe weather, the Trojan`s author is now spreading it using subjects such as "Love birds" and "Touched by Love," said Finnish anti-virus vendor F-Secure. The Trojan, meanwhile, piggybacks on the spam as an executable file with names ranging from "postcard.exe" to "Flash Postcard.exe," more changes from the original wave as the attack mutates.

The first several spam blasts of the Trojan -- which was named "Peacomm" by Symantec -- came with current event subject heads, including ones claiming to include video of a Chinese missile attack or proof that Saddam Hussein lives, and bore attached files such as "video.exe."

"Peacomm has, not surprisingly, evolved. The attachments have new filenames, some files [dropped onto the PC] have changed, and the subject lines of the spam are also changing," noted Amado Hidalgo, a researcher with Symantec`s security response group, in an entry on the team`s blog.

By Symantec`s reckoning, Peacomm is the most serious Internet threat in 20 months. Monday, it raised the alert level to "3" in its 1 through 5 scale; the last time the Cupertino, Calif., security software developer tagged a threat as "3" was for Sober.o in May 2005.

So far, Symantec has received 1.6 million detection reports from its sensor system. "This means Peacomm has hit 1.6 million systems in the past seven days," a company spokesman said in an e-mail. An accurate number of infected machines is not yet known.

The most recent variants of the Trojan include rootkit cloaking technologies to hide it from security software, said both F-Secure and Symantec. The latter, however, pointed out that flawed rootkit code voids some of the Trojan maker`s plans. "The rootkit service can be stopped by running a simple command: net stop wincom32. All files, registry keys, and ports will appear again," said Hidalgo. A personal firewall also offers some protection from the rootkit, as it will warn you that the Windows process "services.exe" is trying to access the Internet using ports 4000 or 7871.

Peacomm`s turn to rootkits brought out comparisons to Rustock, a year-old family of Trojan horses that has become a model of sorts for hackers. Rustock, as Symantec warned in December 2006, relies on rootkit technology, but adds an ability to quickly change form as another evasion tactic.

"It`s similar to Rustock," acknowledges Dave Cole, director of Symantec`s security response team, "but [Peacomm is] not nearly as technically sophisticated."

As with most large-scale Trojan attacks, the goal seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.

Symantec`s researchers said that PCs hijacked by Peacomm send "tons and tons of penny stock spam" in a typical pump `n` dump scheme. "During our tests we saw an infected machine sending a burst of almost 1,800 emails in a five-minute period and then it just stopped," said Hidalgo. "We are speculating that the task of sending the junk e-mail is then passed on to another member of the botnet."

Windows 2000 and Windows XP are vulnerable to all the Peacomm variations, but Windows Server 2003 is not; the Trojan`s creator specifically excluded that edition of Windows from the code. Symantec`s Hidalgo took a guess why. "We presume the malware writers didn`t have time to test it on this operating system."

Microsoft`s soon-to-release-to-consumers Vista, however, does appear at risk, added Symantec Tuesday. "It appears most if not all variants could execute on Vista," the spokesman said. "The only way the Trojan would be unsuccessful is if somehow Vista is able to detect/prohibit the e-mail. This seems unlikely."

Anti-virus companies have updated their signature databases with fingerprints that identify and then delete (or quarantine) the Trojan as it arrives. Other defensive advice includes filtering traffic on UDP ports 4000 and 7871, update anti-spam products, and configure mail gateways to strip out all executable attachments.

**jmillican** · 01-27-2007, 12:01 AM

Originally Posted by CharlesW

Actually, I knew it didn`t help after my Nigerian funds were tied up by their government just prior to my contact sending the 10 million dollars to me as promised.

Charles

Check out this site and you may learn some tips on how to get your money after all.
3rd Annual Nigerian EMail Conference
3rd Annual Nigerian EMail Conference