CastleCops®

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Survey

CastleCops®: Worms

[ Go to Home | Select a New Topic ]

New Graphic Site? Don`t believe it.

seafsee writes "Thousands of users of the free Yahoo mail received an email this morning telling of a new graphic site. If you see it in your inbox. DO NOT OPEN IT!
Unlike other worms and viruses, no user interaction such as clicking on a link is required to unleash the worm.
Symantec has advised users to upgrade to the new BETA Yahoo mail system which seems to be impervious to the worm Just opening this message will unleash it. Furthermore, you are advised to block this email address in your filters av3@yahoo.com.
-- See Yahoo news for full story HERE.
Related Story
"

Posted by Paul on Wednesday, 14 June 2006 @ 08:17:34 UTC (2879 reads)
(Read More... | 3 comments | Score: 1)

New worm relies on old trick

cj writes "There are a lot of people who are going to be very unhappy on the third of February, said Professor Merrick Furst from the Georgia Tech College of Computing. That's when the Kama Sutra computer worm will begin destroying critical files on infected computers"

Posted by Paul on Wednesday, 01 February 2006 @ 12:26:47 UTC (1783 reads)
(Read More... | 650 bytes more | comments? | Score: 0)

Beware!: Kama Sutra/Blackworm Worm Timebomb

There is a new mass mailing worm that has been infecting many users. Going by some different names, its best known as the Blackworm or Kama Sutra. On February 3rd, this worm is scheduled to overwrite the following file types with bogus data:

*.DOC

*.XLS

*.MDE

*.MDB

*.PPT

*.PPS

*.RAR

*.PDF

*.PSD

*.DMP

*.ZIP

Feb 3rd is just the beginning, because its scheduled to activate on the 3rd of every month. Once someone is infected, the worm visits a webpage at rcn.net to increment a counter. This counter theoretically displays the number of infections. As of the article, that counter states:

Posted by Paul on Wednesday, 25 January 2006 @ 00:10:06 UTC (29448 reads)
(Read More... | 6297 bytes more | 1 comment | Beware! | Score: 4.66)

Reminder: Sober.X - New malware updates scheduled Jan 5, 2006

quietman7 writes "W32/Sober.X is a bi-lingual (English and German) mass-mailing worm which began propagating on November 15, 2005 by spreading through email attachments. The worm sends itself to email addresses found on the infected computer and was responsible for one of the largest email outbreaks during the year.

According to US-CERT, the worm has a functionality that could allow it to automatically update itself by using its own SMTP engine to propagate. The worm will attempt to update itself on or around January 5, 2006. After this date all the infected machines will regularily try to download and run a file from a website, forever.

US-CERT strongly recommends that users and administrators implement the following general protection measures:

* Install anti-virus software, and keep its virus signature files up-to-date.
* Do not follow unsolicited web links.
* Do not execute attachments received in email messages, even if sent by a known/trusted source.
* Keep up-to-date on all security patches and fixes for your operating system.
* Visit the US-CERT Computer Virus Resources for additional information.
"

Posted by Paul on Friday, 30 December 2005 @ 11:41:31 UTC (1183 reads)
(comments? | Score: 5)

Worm Propagating On AOL Instant Messenger Installs Rootkit

FaceTime Security Labs Warns Organizations Against Malicious Executable

Foster City, CALIF � October 28, 2005 - FaceTime Security Labs identified and reported a new threat being propagated through the AOL Instant Messenger (AIM) network. The worm is being passed through instant messages from members on a user�s Buddy List and within AOL chat rooms. FaceTime researchers confirmed today that the W32/Sdbot-ADD - identified previously by including an adware bundle � also includes the lockx.exe rootkit file. The executable provides an attacker with the capability to upload, download and monitor the infected host. Furthermore, the executable attempts to shut down anti-virus programs and leaves a backdoor on the host PC to install additional software.

Who is affected: All AIM PC users are at risk by new IM exploit.

Posted by Paul on Wednesday, 02 November 2005 @ 01:49:18 UTC (2218 reads)
(Read More... | 2976 bytes more | comments? | Score: 0)

Login

· New User? · Click here to create a registered account.

	Toolkit

	· Email Virus Scan · UDP Port Scanner · TCP Port Scanner · Trojan TCP Scan · Reveal Your IP · Algorithms · Whois · nmap port scanner

	Link To Us

	More Banners

	Antiphishing

	Microsoft MVP

	Anti-Spyware Coalition

	CastleCops is an Anti-Spyware Coalition Member.


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 176ppm 0.142s (0.007s) Making cybercriminals unhappy since 2002*