January 25th, 2006 Porn Worm - also known as W32/Nyxem-E and Grew-A, entices PC users to click on a pornographic attachment. When the attachment is opened, the worm is triggered, copies itself to network shares, emails itself out to users in the address book, then lies dormant until the 3rd day of the month. On that day, it'll try to disable both antivirus and antispyware software, and delete certain files (including Office files).

November 18th, 2005 Another Messenger Worm - this time AOL Messenger has been used by a group of Middle Eastern hackers to take control of over 17,000 computers around the globe. These computers can then be used to attack other servers and workstations. The hackers used a free file-sharing software package called BitTorrent and IRC communications. Again, common sense and an updated antivirus program are good prevention to have. Be careful about clicking on links, even if sent by friends. Verify with the sender if the link was intentional.

November 10th, 2005 Linux safe? - just when you thought that Linux is a safe operating system to use (phew), someone goes and writes a new worm which blindly attacks Web servers. The worm has been named "Lupper" by McAfee and "Plupii" by Symantec, and it gives remote users control of the infected server by means of a back door. If a system has been infected, Symantec recommends a complete reinstall of the system.

October 19th, 2005 Skype Update - Cybercriminals are finding all sorts of ingenious ways of duping end users into downloading their Trojan Horses over the net. One attempt is an email which pretends to be an update to Skype. Once the email is opened, it runs a variant of the IRCbot trojan. This blocks access to security updates and installs a back door on computers.

October 18th, 2005 Windows Update - Microsoft's new patch to address security issues for Windows 2000, XP and Windows Server 2003 is already causing problems. The patch can lock users out of their PC, stop the firewall from starting up, prevent other applications from starting, empty the network connections folder, and instigate other random events. To resolve any problems caused by the MS05-051 patch, users should restore the default permissions for the Windows folder and the COM+ catalogue. A guide is available on the Microsoft web site here.

September 1st, 2005 Zotob - A Turkish and a Moroccan man have been arrested by authorities. One of them is linked to at least 20 other viruses including Mytob, Mydoom-BG and Rbot worms. The 21 year old Turkish man is also allegedly linked to credit card fraudsters, according to the FBI.

August 19th, 2005 There may now be up to 11 new malicious worms, each one exploiting different known Windows vulnerabilities. These new worms include the following:
- an IRC backdoor for communicating between the infected PC and the source of infection
- ability to delete and create shared folders on the infected PC
- ability to steal private information
- ability to launch DoS (Denial of Service) attacks on random targets

August 18th, 2005 Zotob and Rtob - computers across the US were hit with variants of these worms. Networks affected were CNN, The New York Times and TV network ABC. Unpatched Windows 2000 computers are the vulnerable ones. The worms exploit a security hole in the plug-and-play feature in Windows 2000. Symptoms include repeated shutting down and rebooting of the infected computer. There are still a lot of PCs running Windows 2000, in fact just under 50% of business PCs in the first quarter of 2005. If you have Windows 2000, make sure the updates from Microsoft are happening for you.

June 4th, 2005 Bagle - will triple your pain. The new Bagle worm variants will deliver a triple punch to your PC system if you become infected:
- If you click onto the attachment, the worm will email itself to all the names in the address book.
- It'll then download a Trojan which will block antivirus software updates and Microsoft updates
- Thirdly, a second Trojan will disable antivirus software and existing firewalls. It will then hijack the infected PC to make it part of a botnet (a group of networked computers that are hired out to relay spam, to steal identities and track PC users' behaviour).

Fancy that, someone wants to hire out your computer for as little as 5 cents, which is why the spammers rely on infecting large numbers of unsuspecting PCs to make their ill-gotten gain.

May 12th, 2005 Sober.P - view this chart to identify and remove the Sober.P worm from your computer.

May 10th, 2005 Sober.P seems to be very prolific at the moment. According to Sophos (an antivirus company), the worm accounted for over 5% of all internet traffic over the weekend, and over 80% of all virus activity. The worm has also turned off Symantec antivirus protection and Windows XP's firewall on computers that are infected. Is anybody learning their lessons out there??

May 8th, 2005 Sober.P and other variants of the same worm are spreading again among PC users. This is a mass-mailing worm which entices people into opening an attachment. The virus then looks at all email addresses in your address book, and sends spam to those addresses. The steps to avoid being infected are quite simple:
- Use an antivirus program with an email scanner. Regularly update the virus definitions list. I use AVG Free V7.
- Use spam filtering software such as Mailwasher (not free), or Spybot S&D (free). I use both.
- Don't open attachments sent by strangers.

March 2nd, 2005 BagleDI-L - this new variant of Bagle is a trojan horse that attempts to turn off the firewall and antivirus software of the infected PC. It then attempts to connect the infected PC to a number of web sites. Currently these web sites contain no malicious material, but that may change. Remember, it's dangerous to open random attachments, even when they come from friends.

February 18th, 2005 MyDoom.bb - This virus spreads by using Google and other popular search engines. It attempts to harvest email addresses and will try to shut down active Outlook and IE applications. The bait - a fictitious email from your ISP or your company, warning of unsent email queueing up, or warning that your computer was used to send a large amount of junk email and your PC may be compromised. An attachment with the email letter supposedly contains the instructions on how to safeguard your computer - instead, it contains the virus which is activated when the attachment is opened.

February 8th, 2005 Triple Worm threat
- MSN Messenger is used to spread the Bropia.F worm, which in turn is packaged with a nastier worm called Agabot.ajc. The Bropia.F worm uses a picture of a roast chicken with tan lines as "bait" for unsuspecting MSN Messenger users. The second worm then attempts to take over the PC and spread through broadband networks, giving it the potential to cause overloading of certain internet services (denial-of-service attack).
- The Bobax.H worm uses photos of "Sadam Hussein killed trying to escape" as bait for unwary internet users. When the photo attachment is clicked, the worm will try to disable your antivirus and security software, then it will use your PC to release copious amounts of spam onto the email system.
- The Wurmark-F worm also uses bait - a picture of an old man pulling a funny face. Clicking on this email attachment triggers the worm to try and expose the PC to hackers on the internet.

"If you attach a new, unpatched computer to the Internet, unprotected by proper firewalls and up-to-date antivirus software, then it can easily be under the control of hackers within 10 minutes", says Graham Cluley, senior technology consultant for antivirus software company Sophos.

January 25, 2005 Wi-Fi threat - "Evil twin" hotspots are bogus networks set up by hackers to resemble legitimate Wi-Fi hotspots. Once an unknown user has connected to an evil twin, a hacker can intercept data transmission. If you're a Wi-Fi user, make sure that stringent security procedures are in place. Normally, base stations taken out of the box are configured by the manufacturer to the least secure mode possible.

January 24, 2005 Bropia.A - this new worm spreads via MS Messenger. It replicates itself in the infected machine's C: drive, using one of the following filenames: "Drunk_lol.pif", "Webcam_004.pif", "sexy_bedroom.pif", "naked_party.pif", or "love_me.pif". It will then attempt to send itself to all active MSN contacts. This worm also drops a variant of the Rbot backdoor executable file called oms.exe. This backdoor can be used to collect information, log keystrokes, or take control of the infected PC.

January 13, 2005 Lasco.A - this is another mobile phone virus, with a difference. As well as spreading via Bluetooth wireless connections, it also spreads by attaching itself to files. This is the first to use both methods. The best way to protect your system is to set it to hidden Bluetooth mode.

January 6, 2005 Cabir - this is a mobile phone worm. Yes, even mobile phones can now begin to become infected. Specifically, this worm can infect Symbian OS-based mobile phones running Nokia's Series 60 user interface. It spreads via Bluetooth as an SIS package. To protect yourself, turn off the phone's "discoverable" mode.

January 5, 2005 Atak is another Christmas card mass-mailing worm. It harvests email addresses from infected PCs and uses its own SMTP engine to spread itself. It affects all versions of Windows, but not Linux/Unix and Macintosh systems. It does not contain a destructive payload, but can reduce system performance of an infected PC as it spreads itself.

December 23, 2004 Zafi.D email traffic is slowing down, but remains high. This worm continues to generate a significant amount of email traffic, and consume large chunks of bandwidth. It doesn't just send itself to valid email addresses stored on the infected computer(s), but also creates a large number of "made-up" addresses using existing domain names. Don't forget to keep your antivirus software updated, and perform a full system scan at least once a week.