New Items: Breaking Virus Security News


It’s been 19 days since my last newsletter. In the intervening period, 159 new viruses have been reported, for a daily average of about 8.4 (that’s up from about 5.7 for the previous reporting period). The total number is up, but the ratio of nasty, powerful viruses to less malefic ones is down. In this period, of the 159 total items, 14 are Category 2s, and 4 are Category 3s (down from 37 and 6 respectively over 27 days). Table 1 lists all these items in chronological order:
Table 1: New Category 2, 3, & 4 Items from 3/20-4/8/04

 

| Date | Name | URL |
|------|------|-----|
| 3/22 | W32.Netsky.P@mm | w32.netsky.p@mm.html |
| 3/23 | W32.HLLW.Polybot.B | w32.hllw.polybot.b.html |
| 3/23 | W32.HLLW.Lovgate.O@mm | w32.hllw.lovgate.o@mm.html |
| 3/24 | W32.Blackmal@mm | w32.blackmal@mm.html |
| 3/24 | W32.Snapper.A@mm | w32.snapper.a@mm.html |
| 3/26 | W32.Beagle.U@mm | w32.beagle.u@mm.html |
| 3/28 | W32.Netsky.Q@mm | w32.netsky.r@mm.html |
| 3/28 | W32.Sober.E@mm | w32.sober.e@mm.html |
| 3/31 | W32.Netsky.R@mm | w32.netsky.r@mm.html |
| 4/1 | W32.Gaobot.UL | w32.gaobot.ul.html |
| 4/1 | W32.Gaobot.SY | w32.gaobot.sy.html |
| 4/1 | W32.Blackmal.B@mm | w32.blackmal.b@mm.html |
| 4/4 | W32.Sober.F@mm | w32.sober.f@mm.html |
| 4/5 | W32.Netsky.S@mm | w32.netsky.s@mm.html |
| 4/5 | W32.Lovgate.R@mm | w32.lovgate.r@mm.html |
| 4/5 | W32.Bugbear.C@mm | w32.bugbear.c@mm.html |
| 4/6 | W32.Netsky.T@mm | w32.netsky.t@mm.html |
| 4/6 | W32.Tunk.A | w32.tunk.a.html |
| 4/7 | W32.Gaobot.WO | w32.gaobot.wo.html |
| 4/8 | W32.Netsky.U@mm | w32.mydoom.h@mm.html |

 

Notes: Please prepend http://www.symantec.com/avcenter/venc/data/ to the preceding URLs to construct complete links.
Category 3 entries in bold.

 

The last monitoring period also featured numerous repeat visitors. During this latest interval you can count:

 

 

  • Another variant of the Beagle virus, which spoofs sender as well as receiver addresses, and is thus adept at getting through some anti-spam screening.
  • Six more variants of the Netsky mass mailer, including two Category 3 (S and P). Netsky does reasonably smart e-mail address harvesting, uses its own SMTP engine, and can also replicate itself to shared drives. A removal tool is available from Symantec.
  • A new Category 2 worm, Blackmal, first appeared on 3/23. It uses a built-in SMTP engine to send itself to all contacts in MSN Messenger and Yahoo Pager, and to e-mail addresses found in Web pages (.htm) and files with the .dbx extension. Damage is rated medium, as the worm attempts to delete common antivirus files.
  • W32.Tunk.A is a file-prepending worm and virus with high damage potential. It will attempt to delete numerous key Windows system files starting in May 2004 (see Web page for more details).

 

As always, keep screening e-mail for viruses and keep all anti-virus software and signatures up to date.
As I write this news section, Microsoft has not yet posted its updates for April 2004. More on that in the next newsletter (feel free to check at www.microsoft.com/security/security_bulletins in the meantime).

 

 

cmadmin
