ITSD Computing and Communications Services News
January, 2004
  Monthly Virus Update

A new version of the Mimail worm, Download.Mimail.B, is one of the newest threats. Visit the CPP website for more information concerning this variant. It sends email messages with the following subject: “PAYPAL.COM NEW YEAR OFFER”

Each message reads as follows: “We here at PayPal.com are pleased to announce that we have a special New Year offer for you! If you currently have an account with PayPal then you will be eligible to receive a terrific prize from PayPal.com for the New Year. For a limited time only PayPal is offering to add 10 percent of the total balance in your PayPal account to your account and all you have to do is register yourself within the next five business days with our application (see attachment)!”

Two attachments are included. The first is a compressed Zip file. The second, if opened, installs a Trojan horse that connects to a Web site from which Download.Mimail.B is then downloaded, infecting the Windows system. Download.Mimail.B then (among other things) attempts to glean information such as Internet account names, dial-in user information, IP addresses, email contacts, and personal and financial information such as social security and credit card numbers. Avoid falling for this ploy! Never supply personal and/or financial information in response to an email message that you receive, and avoid opening attachments that you are not expecting.

---------------------------

Last month the LBNL virus wall detected and eradicated a total of 19,158 worms and viruses before they reached users’ systems. As usual, Windows-targeting worms and viruses were by far the most prevalent. The Sobig.F worm showed up the most often, with 14,165 instances caught and deleted.

Sobig.F creates and sends email containing an infected attachment to spread to other systems. The subject of messages that Sobig.F generates varies, but is similar from one message to the next in that each subject is written to appeal to the recipient’s curiosity. Opening the attachment results in an infection.

The Swen.A worm was the second most prevalent with 2,205 instances detected and eradicated. Swen.A deceives users by distributing what is falsely described as a Microsoft security bulletin that states that a cumulative patch for Internet Explorer, Outlook, and Outlook Express is now available. Those who open the attachment, which is purportedly the patch, infect their systems.

The Klez.H worm took third place with 1,013 instances caught and destroyed. Once the most prolific of all worms and viruses for well over a year, Klez.H slowed down for a while during the second half of 2003, but is now making a comeback. This worm, which appears to be sent from an address taken from one of an infected system’s address books, uses a random subject line, message body, and attachment filename.