New computer virus going around

Make sure your anit-virus and anti-malware is up to date.

http://www.cbc.ca/consumer/story/2010/0 ... virus.html

http://www.examiner.com/online-marketin ... ve-a-virus


US-CERT recommends that you take more caution with your e-mail than usual, advising not to click on links in unsolicited e-mails, to install anti-virus software and frequently update it, and to turn off an option on your computer that automatically downloads attachments.

Security experts from Norton advise additional, more extreme steps you can take, such as disabling network sharing and disconnecting infected computers from the local network. If you've already gotten a "here you have" e-mail, the company suggested blocking outbound traffic to the domains or IP addresses contained in the e-mail to prevent users from connecting to distribution sites to download.

But the easiest way to protect yourself from this and other viruses is the simplest: Make sure you're running an anti-virus program and make sure it's up to date. PCMag.com security analyst Neil J. Rubenking agreed, stressing the importance of your own actions in keeping you safe.

"People! DO NOT click links in e-mail messages from unknown people. DO NOT even click links in e-mail messages from your friend, since the real source of the message might be a virus. DO keep your computer protected with an antivirus or a security suite," he wrote in an entry on the Security Watch blog.


http://www.foxnews.com/scitech/2010/09/ ... ect-virus/

My email has been hijacked. I have hotmail and never had a problem till recently. Now it looks like I am spamming everyone I have ever emailed. It doesn't show in my sent mail. I have scanned my computer with everything I can think of. I changed my password but since it really isn't coming from my account it may not work.


Has anyone else heard of this?

Stormynights wrote:I have scanned my computer with everything I can think of.

Such as?

GumbyCT wrote:

Stormynights wrote:I have scanned my computer with everything I can think of.

Such as?

My antivirus, spybot, the malicious tool thing from microsoft.

Stormy go to your hotmail page, check the box next to the offending email, go down to the bottom of the page and click on "Mark as", then click on "Phising scam". I had the same problem with hotmail. It stopped the problem.

kempo wrote:Stormy go to your hotmail page, check the box next to the offending email, go down to the bottom of the page and click on "Mark as", then click on "Phising scam". I had the same problem with hotmail. It stopped the problem.

The only ones I get are the ones that were returned because of the email address is obsolete. These are the ones I apparently sent.

Two free programs.
Hijackthis from Trend Micro > Run and create a notebook log file. Submit log to hijackthis log analyzer V2 from hjt.networktechs.com. Also superantispyware. If the virus blocks these sites. goto a differant PC, download the software to a USB drive and carry to infected PC. You might also have to run these programs in Safe Mode to clean.

Get a Mac.

Stormy,

That happened to me this week, too.

OutaSync wrote:Stormy,

That happened to me this week, too.

Do you have hotmail? What did you do? It is very embarrassing.

Yes, I have hotmail and it was VERY embarrassing! I immediately changed my password. I found out that my computer at work had some kind of bug that won't even let Norton scan it. Fortunately, we have IT people for that, as I don't know much about this kind of stuff. For instance I was told to upgrade my encyption from WEP to WAP. Say what?

Had you posted on craigslist? I'm wondering if that is a connection.

Stormy, it happened to me too. I changed my password, and emptied my address book and list of people i had emailed, but only after sending a real email to the same list, saying that my account had been hacked, and to ignore any strange emails from me. I also wound up sending a message to hotmail regarding it, because in the course of changing my password, I got locked out of my account. I rarely use my hotmail account anymore, anyway, so you could always think about switching to gmail or yahoo, both of which i have emails with and have not had a problem,

I recieved this warning at work

Supposedly Wide-Spread Email Worm Making Headlines
"Here you have" Email contains fake and malicious PDF or WMV links
Severity: Medium
10 September, 2010

Virus/Worm Summary:
Subject lines to avoid: include "Here you have," or "Just for you," and "This is the Free Dowload (sic) Sex Movies, you can find it Here"
Malicious email attachment: contains supposed links to PDF or WMV files, which actually link to malicious .SCR files
Impact: Spreads via your email contacts and through network shares. Infects your computer with various malware, and potentially steals information
What to do: Make sure you are using updated antivirus software, and block .SCR files at your gateway (see below for details)
About the Virus:
Late yesterday, various antivirus (AV) vendors began receiving reports of a new mass-mailing email worm, generally called VBMania, which arrives with various subjects including, "Here you have." Today, others in the press have jumped on the bandwagon and published many shrill reports [ 1 / 2 / 3 ] that describe this worm as an outbreak and suggest it has flooded inboxes worldwide. While we don't doubt that attackers have aggressively seeded this malicious email using spamming techniques (and likely a botnet), we haven't yet seen the worm in our own inbox. There are reports of it affecting some well known companies. However, it doesn't seem to be as wide-spread as the big worms of the past (Nimba, etc). In fact, most antivirus (AV) companies still only rate this worm as only a medium risk. While you should make yourself, and your users, aware of this new worm, it doesn't offer reason for panic.

Unfortunately, the lack of coordination among AV vendors' naming conventions makes it difficult to track these worms. While the media generally refers to this as the "Here you have" worm, AV vendors have given this worm a variety of names including:

Email-Worm.Win32.VBMania.a (Kaspersky)
W32/VBMania@MM (McAfee)
W32.Imsolk.B@mm (Symantec)
Gen:Trojan.Heur.rm0@fnBStPoi (F-Secure)
W32/Autorun-BHO (Sophos)
WORM_MEYLME.B (TrendMicro)
For simplicity sake, we will refer to this worm as VBMania.

Distinguishing Characteristics
Despite the media hype surrounding this new worm, it doesn't seem to use any new techniques that would allow it spread any more quickly than a typical email worm. In fact it seems to call back to older malicious email techniques, some saying it shares similarities with the older ILoveYou and Anna Kournikova worms from 2000 and 2001. We describe some of VBMania's distinguishing characteristics below.

VBMania arrives as an email with the following Subject lines:

Here you have
Just for you
This is The Free Dowload Sex Movies,you can find it Here.
The body of the worm contains some text describing either a document or movie. It also includes a link to what appears to be a PDF document or WMV movie file. However, if you actually click the link, it attempts to get you to download a malicious .SCR screensaver file. An example of the malicious SCR file might include:

PDF_Document21_025542010_pdf.scr
If you run the malicious .SCR file it:

Copies itself to the Windows directory as CSRSS.EXE (not to be confused with the real CSRSS.EXE in your Windows system directory) and adds registry entries to make sure it can restart after your next reboot
Sends itself to your email contacts and IM buddies
Copies itself to mapped drives and removable USB media (uses AUTORUN tricks as well)
Tries to lower your computer's security by disabling many popular security applications
Downloads and installs various malware (likely including a botnet trojan)
Steals sensitive information (including passwords from web browsers)
VBMania doesn't really use any tricks that you haven't seen before. You should have no problems distinguishing this worm in your inbox, and avoiding it. However, attackers seem to have spammed this worm very aggressively. If one of your users does accidentally run its malicious file, they could cause a lot of damage to your network. Make sure to inform your users of this new email worm so they know to avoid it. However, you don't need to panic over this new threat, despite what the media may suggest.

What you can do
As always, remind your users never to open unexpected attachments or click on unexpected web links from any source. Inform them that most modern viruses falsify the "From" field and can appear to come from friends, co-workers, or other trusted parties.

Most major antivirus vendors already have signatures that detect this worm. Check with your vendor for the latest update.

Educate your users by downloading and presenting the new SecurityWise module, "E-mail Safety in the Age of Cybercrime." This resource is available free of charge, exclusively to LiveSecurity Service subscribers.
XTM appliance owners should follow the steps below. The SMTP or POP3 proxy can help.

For all XTM users:
If you manage a WatchGuard XTM appliance, it can protect your network in many ways:

If you have spamBlocker (part of the UTM security bundle), it will likely block the emails this worm sends
Gateway Antivirus (part of the UTM security bundle) will block this virus with a signature
If you have RED (part of the UTM security bundle), it will block the VBMania URLs serving the malicious .SCR files
You can also configure an HTTP proxy policy to prevent your users from downloading .SCR files
For all XCS users:
If you manage a WatchGuard XCS appliance, it can protect your network in many ways:
XCS's antispam feature should simply block the email this worm sends
The Kaspersky AV solution running on XCS appliances will detect and block VBMania as "Email-Worm.Win32.VBMania.a"
An XCS appliance with RED will block the VBMania URLs serving the malicious .SCR files
References:
McAfee Blog Post
Sophos Blog Post
CNET Article
ZDNet Article
ITPro Article
Email-Worm.Win32.VBMania.a (Kaspersky)
W32/VBMania@MM (McAfee)
W32.Imsolk.B@mm (Symantec)
W32/Autorun-BHO (Sophos)
WORM_MEYLME.B (TrendMicro)

Thanks for the information. I got a PM at another forum with a similar message but I never clicked on the link. I think I got it there but I am not sure.