Subject: Norton SystemWorks [CANDY FROM STRANGERS - 04/09/2001]
"CANDY FROM STRANGERS
by Mike Hogan
What do you know about that guy who is offering you that great new
graphics file viewer over the Gnutella peer-to-peer (P2P) network?
Well, absolutely nothing; and, no doubt, your mama told you never to
take candy from strangers.
P2P file exchanges like Napster, Gnutella, and some 70 others are the
equivalent of a child's playground for hackers. There already were
lots and lots of viruses, Trojan horses, and worms you could contract
there--but now, a Gnutella-specific worm has been introduced.
Actually, it's not the first, but it's important.
Discovered at the end of February, the W32.Gnuman.Worm is considered a
proof-of-concept worm because it does not contain a payload. But you
can bet that follow-on versions will, and when it is executed, it does
open port 99 on your PC to port scanners.
Also known as W32.Gnutella, GnutellaMandragore, and W32.Gspot.Worm, it
can change its own file name to match any query. That's significant
for it's ability to deliver itself to your hard drive in place of the
file you "ordered." However, the file size is always 8192 bytes, and
it always has the .exe extension.
You're safe from infection if you've downloaded new Norton AntiVirus
definitions via LiveUpdate since February 27, 2001. If you think you
might already have been infected, remove the worm by running a full
system scan with Norton AntiVirus after the update.
Right-click the NAV icon in your System Tray and select Open Norton
AntiVirus. Select Norton Anti-Virus from the options menu and click
the Manual Scans heading in the tree directory on the left-hand side
of the page. Under File Types To Scan, select All Files and click the
OK button. Highlight Scan My Computer and click the Run Scan Now
button. Delete any files detected as W32.Gnuman.Worm." |
