
HOWDY!

This is ORTRACKM's Virus Alerts Page

Most viruses that are transmitted over the Internet are spread via e-mail attachments.
Please read the following pages to protect yourself from this very real and damaging threat.

For more information, check your antivirus vendor's website:

For AVG Anti-virus: http://www.grisoft.com/html/us_index.php

For McAfee: http://www.mcafee.com/

For Norton:  http://www.norton.com/

For RAV Anti-virus:  http://www.ravantivirus.com/content/

 


Latest Advisory
October 29, 2004

W32.Beagle.AV@mm 

W32.Beagle.AV@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm will open a backdoor on TCP port 81.

Notes:

  • Due to an increased rate of submissions, Symantec Security Response has raised the category rating to level 3.
  • Live Update definitions with sequence number 37860 or greater will detect this threat.
  • Keep your anti-virus updated.

Also Known As:
  • Win32.Bagle.AQ [Computer Associates]
  • W32/Bagle.BC.worm [Panda]
  • WORM_BAGLE.AT [Trend Micro]
  • Bagle.AT [F-Secure]
  • W32/Bagle.bb@mm [McAfee]
  • W32/Bagle-AU [Sophos]
  • I-Worm.Bagle.at [Kaspersky]
  • W32/Bagle.AQ@mm [Norman]

Type: Worm
Infection Length: Varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
 

Removal Tool is available at Symantec (Norton)

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@mm.html



The spread of computer viruses has accelerated sharply over the past few years.
New viruses appear almost daily. The growth of e-mail and Internet use offers more ways to get infected as well. Sometimes new viruses introduce new technologies and approaches, and the world of computer viruses can change significantly in a short time. You should update your anti-virus programs at least once a month.
So please check any warning e-mails that tell you that you could have a virus against the Virus Hoaxes or HoaxBusters web sites listed in the drop-down menu above this text. Keeping your anti-virus software updated is one of the best defenses against viruses.


Virus Hoaxes

There are a lot of viruses out there. But some aren't really out there at all.
Virus hoaxes are more than mere annoyances, as they may lead some users to routinely ignore all virus warning messages, leaving them vulnerable to a genuine, destructive virus.

Next time you receive an urgent virus warning message, be sure to check the list of known virus hoaxes.
(The drop-down menu above will take you to the Virus Hoaxes links.)

Remember: Never open an e-mail attachment unless you know what it is, even if it's from someone you know and trust.

Remember that virus writers can use known hoaxes to their advantage.

For example, AOL4FREE began as a hoax virus warning.  Then somebody distributed a destructive trojan attached to the original hoax virus warning! 


HOW TO FIGHT VIRUS HOAXES

  1. Don't believe everything you read online, especially if it is sent to you via e-mail.

  2. Always verify the source of information before you accept the information as real.

  3. Always check with other sources to corroborate the story before you believe it.

  4. Don't forward virus warnings. If you want to inform your friends about a virus, send them the URL of an article about the virus that's posted on a reputable site.

  5. If a virus issue is real, every one of the major anti-virus vendors (such as Symantec/Norton, Trend Micro, McAfee, Grisoft/AVG, and so on) will have details about it within hours of its discovery.

The drop-down menu above has links to hoax lists and anti-virus companies,
or simply type the name into a Google search.


What You Should Do to Prevent Viruses



1. Update your current antivirus solution.

2. Follow these best practices to help your anti-virus program:

  • Run a current antivirus program.
  • Do not execute attachments from unknown persons.
  • Do not execute attachments, even from known users, unless you are expecting one or have verified there should be one.
  • Check both your operating system and antivirus vendor's websites for updates on a regular basis (at least once a week is highly recommended).

To verify that an attachment is not a virus, see "Verifying Attachments" below.


Advisories

January 26, 2004

Mydoom or Novarg 

There's another new worm out there that some of you have heard about in the news (MyDoom or Novarg). It comes in an e-mail message. Please delete these messages without opening them.
The e-mail will have the following characteristics:

From: may be a spoofed From address

Subject: (one of the following)
  • test
  • hi
  • hello
  • Mail Delivery System
  • Mail Transaction Failed
  • Server Report
  • Status
  • Error

Message: (one of the following)
  • Mail transaction failed. Partial message is available.
  • The message contains Unicode characters and has been sent as a binary attachment.
  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

For more information on this worm see the links above or
http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@m

January 22, 2004
Identity Theft

We have received a couple of messages from users asking about e-mails they have received.
Below is how the actual e-mail looked.
Do not open anything (an attachment or a "click here" link) in this message,
as you would be loading a virus onto your machine,
or it might be a way to get your credit card information.
ORTRACKM does not have an Accounting Dpt.

(Notice the spelling of "Dpt" and "withing".)


Subject: Billing Notice From ortrackm.missouri.org 's Accounting Dpt

*** ortrackm.missouri.org 's accounting dpt notice ***
Internet Billing Notice
Please press "open" and read the attached Billing Notice.

Note if you do not read this withing 24 hours we at ortrackm.missouri.org regret we will have to terminate internet service.


If you should get one of these e-mails, here's what we need you to do:

  1. Click on the message, then go to "File" and click on "Properties", then "Details", and then "Message Source".

  2. Highlight only the bold print at the top of the message.

  3. Press and hold Ctrl, then press C. This will copy the highlighted text.

  4. Close the Message Source window, then close the message Properties page. You are back at the main Outlook Express page.

  5. Open a new message and address it to ortrackm@ortrackm.missouri.org

  6. In the subject line type "Spoof Header", then click in the message box as if you were going to write an e-mail.

  7. Press and hold Ctrl, then press V. This will paste the header information into the message.

  8. Click Send.

We need this header information so that MORE Net Security can work it




Klez Worm

New variants of the Klez worm have been detected in the wild and are
spreading at a very high rate. These variants include Klez.G and Klez.H. An
increasing number of customer sites are reporting infections with this worm.
Klez also attempts to drop the virus W32.Elkern. Elkern causes systems to crash
and can destroy all files on locally connected drives.

Message Details

Klez searches for e-mail addresses in the Windows address book (WAB), the
ICQ database and local files. It then sends a copy of itself to every e-mail address it harvested.
The subject line, message body and attachment names are random.
The From address is chosen at random from the e-mail addresses harvested from an infected system,
so a non-infected user appears to be the person who sent the worm, effectively hiding the real sender. The full headers, however, will list the real infected user.
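
The header information requested in the "Spoof Header" steps and the Klez note above both come down to reading the Received lines instead of trusting From. The following is an added example, not part of the original page: the function name `trace_sender`, the sample headers, host names and addresses are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# "from HOST (... [IP])" as relays commonly write it in a Received line.
HOP_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)

def trace_sender(raw_headers: str) -> dict:
    """Compare the claimed From address with the oldest relay hop recorded."""
    msg = message_from_string(raw_headers, policy=policy.default)
    claimed = parseaddr(str(msg["From"] or ""))[1].lower()
    hops = []
    # Each relay adds its Received line at the top, so reverse for oldest first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(str(value))
        if m:
            hops.append((m.group(1).lower(), m.group(2)))
    host, ip = hops[0] if hops else (None, None)
    domain = claimed.rpartition("@")[2]
    # A mismatch is a hint, not proof: honest mail is often relayed through
    # another domain, and lines below your own provider's relay can be forged.
    matches = bool(host and domain) and (host == domain or host.endswith("." + domain))
    return {"claimed_from": claimed, "origin_host": host,
            "origin_ip": ip, "from_matches_origin": matches}

# Constructed sample headers (documentation-range addresses, not a real capture).
SAMPLE_HEADERS = """\
Return-Path: <someone@dialup.example.net>
Received: from mail.isp.example (mail.isp.example [198.51.100.10])
    by mx.recipient.example with ESMTP; Thu, 22 Jan 2004 10:00:02 -0600
Received: from pc-42.dialup.example.net (pc-42.dialup.example.net [192.0.2.42])
    by mail.isp.example with SMTP; Thu, 22 Jan 2004 10:00:00 -0600
From: "Accounting Dpt" <accounting@recipient.example>
To: user@recipient.example
Subject: Billing Notice

"""

if __name__ == "__main__":
    print(trace_sender(SAMPLE_HEADERS))
```
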

Current antivirus software should detect and remove the worm. If Klez has
disabled your antivirus software, you may have to remove the worm manually.
Check your antivirus vendor's website for complete instructions.

Possible subject lines:
  • Undeliverable mail--"[Random word]"
  • Returned mail--"[Random word]"
  • a [Random word] [Random word] game
  • a [Random word] [Random word] tool
  • a [Random word] [Random word] website
  • a [Random word] [Random word] patch
  • [Random word] removal tools
  • how are you
  • let's be friends
  • look,my beautiful girl friend
  • welcome to my hometown
  • japanese lass' sexy pictures
  • spice girls' vocal concert
  • sos!
  • honey
  • the Garden of Eden
  • introduction on ADSL
  • meeting notice
  • questionnaire
  • congratulations
  • some questions
  • japanese girl VS playboy
  • eager to see you
  • so cool a flash,enjoy it
  • your password
  • please try again
  • darling
The random word will be one of the following:
  • W32.Elkern
  • W32.Klez.E
  • Symantec
  • Mcafee
  • F-Secure
  • Sophos
  • Trendmicro
  • Kaspersky

 

 

 

 

 

 



Verifying Attachments

How to verify that an e-mail with an attachment is not a virus in Outlook Express:
With the message selected, click on the following commands:
  • File, Properties, Details tab, then Message Source

Open up the Message Source window, then start at the top of the headers and work down. If you find any of these (below) in your e-mail, DON'T OPEN it:

  • .scr
  • .exe
  • .cmd
  • .bat
  • .zip

With the increasing number of viruses, some can be .html.
This is also the way advertising e-mails come.
Use your own judgment.
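
The same check can be run on saved message source without opening anything. This is an added example, not part of the original page: it flags attachment names ending in the extensions listed above and combines them with the subject and message text from the Mydoom advisory; the function name `triage` and both sample messages are constructed.

```python
import email
from email import policy

# Extensions the page says not to open, then the Mydoom advisory's text (lower-cased).
RISKY_EXT = (".scr", ".exe", ".cmd", ".bat", ".zip")
MYDOOM_SUBJECTS = {"test", "hi", "hello", "mail delivery system",
                   "mail transaction failed", "server report", "status", "error"}
MYDOOM_BODIES = (
    "mail transaction failed. partial message is available.",
    "the message contains unicode characters and has been sent as a binary attachment.",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment.",
)

def triage(raw_source: str) -> dict:
    """Inspect raw message source; nothing is saved to disk or executed."""
    msg = email.message_from_string(raw_source, policy=policy.default)
    # Match on the final extension so a name like "readme.txt.scr" is caught.
    risky = [name for name in (p.get_filename() for p in msg.walk())
             if name and name.strip().lower().endswith(RISKY_EXT)]
    subject = (msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    body = " ".join(part.get_content().split()).lower() if part else ""
    # Subjects such as "hi" are common in normal mail, so require all three signs.
    mydoom_like = (bool(risky) and subject in MYDOOM_SUBJECTS
                   and any(text in body for text in MYDOOM_BODIES))
    return {"risky_attachments": risky, "mydoom_like": mydoom_like}

# Constructed sample message source (not a real capture).
SAMPLE = """\
From: someone@example.org
Subject: Mail Transaction Failed
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Mail transaction failed. Partial message is available.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="readme.txt.scr"

constructed placeholder
--XX--
"""
BENIGN = "From: friend@example.org\nSubject: hi\n\nSee you Saturday.\n"

if __name__ == "__main__":
    print(triage(SAMPLE), triage(BENIGN))
```
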


Most of this information was gathered from the web sites of McAfee, Norton and Grisoft,
and from what I have learned from Dan.

We welcome your comments. Please e-mail us at ortrackm@ortrackm.missouri.org
if you have any history, recipes, pictures, or community information
that people of Oregon County might like to know.

Or call the Help Desk at 417-778-7523
Outside of Alton Area 1-888-763-3329
Open Monday through Thursday
8:30 AM to 5:30 PM


Updated 01/07/05