1 - 7 of 7 Posts

·
Retired
Joined
·
26,948 Posts
Discussion Starter · #1 ·
This was discovered on Oct 29th... I just received 2 e-mails with different titles and some personal information off the sender's PC in the body of the message. Each has an attachment; one is a .pif and the other is an .exe. The titles of these files relate to the information in the body of the message!! The ones I got were "finanical.pif" and "bank.exe".

You can see by the file names this one is digging into your privacy big time!!

I think what was sent to me is already a variant of this http://securityresponse.symantec.com/avcenter/venc/data/w32[email protected]
 

·
Registered
Joined
·
7,796 Posts
In my opinion, people that make these viruses are creating acts of terror and should be treated as all terrorists will be. These are not things anyone should treat lightly. Tom
 

·
Premium Member
Joined
·
1,983 Posts
The [email protected] is a recompiled [email protected] virus. This is an extremely nasty virus. Read more here http://securityresponse.symantec.com/

It enables the Guest account on Windows NT servers and gives it administrator privileges!!!

You do not need to open any emails. If you have an IIS server that does not have the correct patches, the virus gets in by just launching a web site.

It starts creating files with .EML extensions faster than you can clean them up. It will place admin.dll and explore.exe on the root of C:\ and you cannot delete them. The only way to be sure an infected server is cleaned is rebuilding from scratch. I don’t mean just reinstalling the OS, you have to FDISK the hard drive and start over. Nasty nasty virus.
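The file-system symptoms listed in the post above (admin.dll and explore.exe in the root of C:\, and folders filling up with .EML files) can be checked with a short triage script. This is an added example, not part of the original thread; the function name `triage` and the threshold of 20 .eml files per folder are assumptions, and it does not check the Guest account.

```python
import os
from collections import Counter

# File names the post says are placed in the root of C:\.
ROOT_ARTIFACTS = {"admin.dll", "explore.exe"}
EML_THRESHOLD = 20  # assumed cut-off for "too many .eml files in one folder"


def triage(root, eml_threshold=EML_THRESHOLD):
    """Walk `root` and report the file-system symptoms described in the post."""
    findings = {"root_artifacts": [], "eml_floods": {}, "eml_total": 0,
                "suspicious": False}

    # 1. Named files sitting directly in the drive root. Compared in lower
    #    case because Windows file names are case-insensitive.
    try:
        for entry in os.scandir(root):
            if (entry.is_file(follow_symlinks=False)
                    and entry.name.lower() in ROOT_ARTIFACTS):
                findings["root_artifacts"].append(entry.name)
    except OSError as exc:
        findings["error"] = str(exc)  # root missing or unreadable
        return findings
    findings["root_artifacts"].sort()

    # 2. Count .eml files per directory. Mass creation leaves folders far
    #    above what an ordinary saved-mail folder would hold.
    per_dir = Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        count = sum(1 for name in files if name.lower().endswith(".eml"))
        if count:
            per_dir[dirpath] = count
    findings["eml_total"] = sum(per_dir.values())
    findings["eml_floods"] = {d: n for d, n in per_dir.items()
                              if n >= eml_threshold}

    findings["suspicious"] = bool(findings["root_artifacts"]
                                  or findings["eml_floods"])
    return findings


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    print(json.dumps(triage(target), indent=2))
```

A hit is a reason to isolate the machine and follow the vendor's removal guidance; an empty result only means these particular symptoms were not found.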
 

·
Retired
Joined
·
26,948 Posts
Discussion Starter · #6 ·
I know what you do for a living Scott


Scott is right on in his info but left out it has a mind of its own and may create the .eml files on one machine and do something different on another. It also can utilize remote drive mounts to spread itself... If you are on a network and access a remote server to save off data you most likely use a remote drive... Bad news bears!!!
 

·
Premium Member
Joined
·
1,983 Posts
DjD
Too, too much to list on this virus; that’s why I included the link to Symantec. Everything you need to know about the virus is there, and how to battle it. Know this, the [email protected] was discovered 9/18/01; by then it was too late for any vulnerable Microsoft IIS web servers. By 9/19/01 it was a mad scramble for thousands of companies to contain it. On 10/29/01 [email protected], a recompiled version of the [email protected] virus, was released that was designed to infect servers not infected by the first one. My guess is that this worm will continue to evolve and continue to be a threat for some time.
If detected, installing virus detection is not enough; you need a removal tool that can be downloaded at the link in my previous post.
 