Computing News
JUNE 2002 Information Technologies & Services Division

Monthly Virus Alert: KLEZ Worms Just Keep on Coming
 
For some time now, 93 percent of the viruses caught by the LBNL VirusWall have been one variant or another of WORM_KLEZ. In fact, the VirusWall caught and deleted 8,471 mail attachments that contained this worm last month. Needless to say, KLEZ is by far the most prominent worm/virus on the Internet at this point. Once KLEZ infects a Windows system, the type of trouble it causes depends on the particular version of KLEZ. Most versions attempt to infect, then delete or overwrite every file in the infected system.

They also generally go to the Microsoft Outlook or Outlook Express address book and send infected messages to others, using addresses they find in the address book as the sender. You may consequently receive notification from the LBNL VirusWall that a virus was removed from a message you allegedly sent when you actually sent no message and your system was not infected in the first place. Knowing this will help keep you from being confused by any VirusWall notification saying that your system sent a KLEZ-infected message when in fact it did not!

WORM_SIRCAM was the second most prevalent worm/virus detected and deleted by the LBNL VirusWall last month. It ran a distant second, however, with only 214 instances of infected messages intercepted and deleted. Sircam, which first surfaced nearly one year ago, spreads through email and also through unprotected shares on Windows systems. Most versions of Sircam access and/or delete information on infected systems.

PE_Magistr.B ran a distant third with only 83 instances of infected messages intercepted and deleted. This worm/virus gets email addresses from *.MBX, *.WAB, and *.DBX files on the infected machine's disk, then sends email messages with infected files as attachments. PE_Magistr.B may also attach clean files such as .TXT and .DOC files as attachments. Its worst effect, however, is that it usually destroys the hard drive, necessitating rebuilding any system it affects.

Hopefully by now you know the solution for preventing infections by these nasty worms/viruses -- keeping your system's anti-virus software up to date, refraining from opening attachments from anyone you do not know, and also refraining from installing "virus or worm immunity tools" (which almost invariably turn out to be actual viruses or worms), alleged security patches from Microsoft or other vendors that are mailed to you, and the like. If you are not sure what to do when you receive a suspicious attachment, or when you receive a message telling you to do something for the sake of security from someone other than a member of the LBNL Computer Protection Program, your system administrator or your security liaison, don't open it or act on it. Just mail it to the Computer Protection Program Manager at cppm@lbl.gov instead.
(Written by Gene Schultz of the Computer Protection Program.)

