Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: thecow who wrote (19805)	5/16/2001 1:53:26 PM
From: mr.mark	Read Replies (2) \| Respond to of 110652

"Warning: Worm Spreads Disguised as Virus Alert Quickly spreading e-mail bears Symantec's name but bears a Visual Basic worm. Sam Costello, IDG News Service Tuesday, May 15, 2001 Antivirus companies have long cautioned against opening unexpected e-mail attachments or attachments sent by strangers, but thanks to a new e-mail worm spreading this week, antivirus companies can add themselves to the list of not-to-be-trusted e-mailers. The worm, called VBS.Hard.A@mm, shows up in e-mail in-boxes disguised as a virus alert from antivirus firm Symantec, the company says in a virus alert. It carries a subject line reading "FW: Symantec Anti-Virus Warning" and an attachment bearing the name "www.symantec.com.vbs." The relatively innocuous worm, like many other recent worms, is written in Microsoft Visual Basic Script and propagates through the company's Outlook Express e-mail client. The e-mail carrying the worm is sent by "F. Jones," identified in the e-mail as a Symantec senior developer. Cheeky, Not Destructive When you double-click on the attachment, launching the file, a number of things happen. First your browser's default Web page is changed to a fake Symantec virus information page. The worm then sends itself to everyone in the infected PC's Outlook Express address book. The worm also makes some changes to the computer's Registry files. Lastly it creates a dialog box that appears on November 24 and reads, "Don't look surprised! It is only a warning about your stupidity Take care!" Though the worm is low-risk and does not cause serious damage, it is likely to spread quickly, Symantec says. To remove the worm, update your virus definitions, run up-to-date virus scans, and delete any files reported as being related to the worm. Changing the default Web page in the browser must be done manually. Instructions on how to delete the changes made to the computer's Registry are available on Symantec's Web site. The VBS.Hard.A@mm worm is only the latest in a flurry of e-mail worms that have spread in the last few months. Thanks to alerts and the repeated chidings of antivirus companies, people have become more informed and skeptical, limiting the spread of viruses, according to virus researchers. However, as potential victims become more informed, virus and worm writers are changing their tactics, according to virus experts. Sneaky Tactics to Spread Worms VBS.Hard.A@mm and other recent worms employ a technique they call "social engineering" to enable their spread. Using this technique, the virus or worm writer tries to trick a user into helping spread their work by disguising it as something fun or useful--in this case, an antivirus alert message. The recent Anna Kournikova and NakedWife viruses both used this technique. Both were spread through e-mail messages that purported to offer a tantalizing reason to open the message and attachment. As always, antivirus experts caution users to be sure they have the most up-to-date antivirus protection, and not to open unexpected e-mail attachments--even if they are purportedly from an antivirus company." pcworld.com