Guest guest Posted January 31, 2006 Report Share Posted January 31, 2006 The worm infecting our group is as follows: (Info: Thanks to Manish Kothari) KamaSutra Worm Seducing PC Users Worm set to overwrite your data on Feb 3. A rapidly-spreading worm is carrying a potentially destructive set of instructions. The Nyxem worm -- also nicknamed the Kama Sutra worm -- is programmed to overwrite all of the files on computers it infects on Feb. 3. The worm truncates files to 20 bytes and causes an error message when one is opened. The worm appears to be programmed to overwrite all files on the third day of every month. While most antivirus vendors have issued updates for their software, Nyxem is spreading quickly, and its creators have posted a counter on a Web site that records new infections. The last figures reported on sunday night showed 510,000 infections, with infections reported from all over the world including India Nyxem infections may be rising because it is taking advantage of computers that have already had their antivirus software disabled by some other virus such as Bagle. The worm, which is spread through e-mail, uses a dated technique to entice users by promising pornography. The worm sends itself as attachment in the infected e-mail. The e-mail subject can be one the following: The Best Videoclip Ever School girl fantasies gone bad A Great Video Fuckin Kama Sutra pics Arab sex DSC-00465.jpg give me a kiss *Hot Movie* Fw: Funny Fwd: Photo Fwd: image.jpg Fw: Sexy Re: Fw: Fw: Picturs Fw: DSC-00465.jpg Word file eBook.pdf the file Part 1 of 6 Video clipe You Must View This Videoclip! Miss Lebanon 2006 Re: Sex Video My photos The message body may be one of the following: Note: forwarded message attached. Hot XXX Yahoo Groups F*ckin Kama Sutra pics ready to be F*CKED forwarded message attached. VIDEOS! FREE! (US$ 0,00) Please see the file. >> forwarded message ----- forwarded message ----- i just any one see my photos. It's Free how are you? i send the details. OK ? The worm usually attached itself to e-mail messages as an executable file. It uses one the following names in attachment: 007.pif School.pif 04.pif photo.pif DSC-00465.Pif image04.pif 677.pif New_Document_file.pif eBook.PIF document.pif DSC-00465.pIf Sometimes, the worm MIME-encodes the file. In these cases, the attachment name can be one of the following: Video_part.mim Attachments00.HQX Attachments001.BHX Attachments[001].B64 3.92315089702606E02.UUE SeX.mim Sex.mim Original Message.B64 WinZip.BHX eBook.Uu Word_Document.hqx Word_Document.uu The filename inside MIME-encoding is one of the following: New Video,zip .sCr Attachments,zip .SCR Atta[001],zip SCR Clipe,zip .sCr WinZip,zip .scR Adults_9,zip .sCR Photos,zip .sCR Attachments[001],B64 .sCr 392315089702606E-02,UUE .scR SeX,zip .scR WinZip.zip .sCR ATT01.zip sCR Word.zip .sCR Users are advised not to click any mail that promises pronography. So everybody please update your anti-virus software before its too late. I am using free AVG software from www.free.grisoft.com You may download it free and use it with regular free updates automatically. Users of Gmail can set their accounts to automatically delete all infected mails. Gmail has the latest virus scanning software. However, you will need to see the mails on web first if you want Gmail to do the job. Downloading in Outlook circumvents the process. Kishore Shah --------------- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375/ Virus Database: 267.14.23/243- Release Date: 27/1/06 Quote Link to comment Share on other sites More sharing options...
Guest guest Posted February 1, 2006 Report Share Posted February 1, 2006 Great information, Kishore, Don't panic however, if your PC is clean using UPDATED virus definitions... it could well be the POP/STMP server that you are using is infected. The cleanest scan that you can get on your PC is in Windows " safe mode " (with UPDATED virus definitions)... so do check it out on those infected PC's . Ravin '82 Worming in > The worm infecting our group is as follows: > (Info: Thanks to Manish Kothari) > > KamaSutra Worm Seducing PC Users > > Worm set to overwrite your data on Feb 3. > > A rapidly-spreading worm is carrying a potentially destructive set of > instructions. The Nyxem worm -- also nicknamed the Kama Sutra worm -- is > programmed to overwrite all of the files on computers it infects on Feb. 3. > The worm truncates files to 20 bytes and causes an error message when one is > opened. The worm appears to be programmed to overwrite all files on the > third day of every month. > > While most antivirus vendors have issued updates for their software, > Nyxem is spreading quickly, and its creators have posted a counter on a Web > site that records new infections. The last figures reported on sunday night > showed 510,000 infections, with infections reported from all over the world > including India > > Nyxem infections may be rising because it is taking advantage of > computers that have already had their antivirus software disabled by some > other virus such as Bagle. > > The worm, which is spread through e-mail, uses a dated technique to > entice users by promising pornography. The worm sends itself as attachment > in the infected e-mail. The e-mail subject can be one the following: > > The Best Videoclip Ever > School girl fantasies gone bad > A Great Video > Fuckin Kama Sutra pics > Arab sex DSC-00465.jpg > give me a kiss > *Hot Movie* > Fw: Funny > Fwd: Photo > Fwd: image.jpg > Fw: Sexy > Re: > Fw: > Fw: Picturs > Fw: DSC-00465.jpg > Word file > eBook.pdf > the file > Part 1 of 6 Video clipe > You Must View This Videoclip! > Miss Lebanon 2006 > Re: Sex Video > My photos > > > The message body may be one of the following: > > Note: forwarded message attached. > Hot XXX Yahoo Groups > F*ckin Kama Sutra pics > ready to be F*CKED > forwarded message attached. > VIDEOS! FREE! (US$ 0,00) > Please see the file. > >> forwarded message > ----- forwarded message ----- > i just any one see my photos. It's Free > > how are you? > i send the details. > OK ? > > The worm usually attached itself to e-mail messages as an executable > file. It uses one the following names in attachment: > > 007.pif > School.pif > 04.pif > photo.pif > DSC-00465.Pif > image04.pif > 677.pif > New_Document_file.pif > eBook.PIF > document.pif > DSC-00465.pIf > > Sometimes, the worm MIME-encodes the file. In these cases, the > attachment name can be one of the following: > > Video_part.mim > Attachments00.HQX > Attachments001.BHX > Attachments[001].B64 > 3.92315089702606E02.UUE > SeX.mim > Sex.mim > Original Message.B64 > WinZip.BHX > eBook.Uu > Word_Document.hqx > Word_Document.uu > > The filename inside MIME-encoding is one of the following: > > New Video,zip .sCr > Attachments,zip .SCR > Atta[001],zip SCR > Clipe,zip .sCr > WinZip,zip .scR > Adults_9,zip .sCR > Photos,zip .sCR > Attachments[001],B64 .sCr > 392315089702606E-02,UUE .scR > SeX,zip .scR > WinZip.zip .sCR > ATT01.zip sCR > Word.zip .sCR > > Users are advised not to click any mail that promises pronography. > > > So everybody please update your anti-virus software before its too late. > I am using free AVG software from > www.free.grisoft.com > > You may download it free and use it with regular free updates automatically. > > Users of Gmail can set their accounts to automatically delete all infected > mails. Gmail has the latest virus scanning software. However, you will need > to see the mails on web first if you want Gmail to do the job. Downloading > in Outlook circumvents the process. > > Kishore Shah > > --------------- > No virus found in this outgoing message. > Checked by AVG Anti-Virus. > Version: 7.1.375/ Virus Database: 267.14.23/243- Release Date: 27/1/06 > > > > ------------------------------ > Website: www.mgims.org > ------------------------------ > Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.