Virus Warnings from December 2001
______________________________________________________________
[Jump to Amiga] [Jump to Windows] [Jump to Mac]
[Jump to Linux] [Jump to Misc]
______________________________________________________________
Amiga
08 December 2001 - VHT-DK Warning: New 'Bobek-3 linkvirus' Found
Virus Help Demark says a new linkvirus has been found a few days ago,
we are not sure if this virus is in the wild. It was send to directly
to Zbigniew Trzcionkowski (The programmer of Safe). Zbigniew received
one infected file. This new virus, is a clone of the "Bobek-2" linkvirus,
and is named "Bobek-3". This is able to disable the antivirus programs,
We do not know if this virus was released in any way, so if you get a
requester poping up, telling you that something is trying to disable
the xvs.library, please let us know.
This is what we know of the virus:
Virus name: Bobek-3
Virus Type: Linkvirus
Virus size: about 2.000 bytes (Uses polmorphic engine)
Follow the above link for viruswarning - file is named vht-dk112.lha.
* Click here for VHT-DK Virus Warning vht-dk112 Readme
* Subscribe online to the VHT-DK Virus Warnings Announcement list.
08 December 2001 - VHT-DK Warning: Two Trojan's Found On Aminet
This is an update to the December 6th warning from Aminets MOTD.
Virus Help Demark says two archives found on Aminet contains a new
trojan. It is said to be AGA demos, but if you run these demo's on a PC
using 'WinUAE', your system will be deleted. These 'trojan demos' comes
from a Polish demo group. Why they would program something like this, I
don't know.
This is some info about the two archives:
Trojan name... : AME-DSD Trojan (Name might be changed later)
Trojan name... : PSL-KMJ Trojan (Name might be change later)
------------ Code start -----------------------
Warning!!! UAE System for lamers detected!!!
- System will reboot after mouse button...
run c:delete s:startup-sequence force quiet >NIL:
------------ Code end -------------------------
Follow the above link for viruswarning - file is named vht-dk113.lha.
* Click here for VHT-DK Virus Warning vht-dk113 Readme
* Subscribe online to the VHT-DK Virus Warnings Announcement list.
06 December 2001 - Aminet: Virus Alerts on Two Files
Aminet Amiga software archive has this 'Message of the day:'
* VIRUS ALERT. demo/aga/AME-DSD.lha and demo/aga/PSL-KMJ.lha delete
everything on SYS: if used in UAE.
Top of Page
Windows
20 December 2001 - CERT Advisory CA-2001-36
Microsoft Internet Explorer Does Not Respect Content-Disposition and
Content-Type MIME Headers. The CERT Coordination Center says Microsoft
Internet Explorer contains a vulnerability in its handling of certain
MIME headers in web pages and HTML email messages. This vulnerability
may allow an attacker to execute arbitrary code on the victim's system
when the victim visits a web page or views an HTML email message.
The CERT/CC is tracking this vulnerability as VU#443699, which
corresponds directly to the "File Execution" vulnerability described
in Microsoft Security Bulletin MS01-058.
* Click here for CIAC Bulletin Number M-027
* Click here for Microsoft Security Bulletin MS01-058
Microsoft TechNet Security's latest bulletin outlines "Cumulative Patch
for IE". This is a cumulative patch that, when installed, eliminates all
previously discussed security vulnerabilities affecting IE 5.5 and IE 6.
In addition, it eliminates three newly discovered vulnerabilities.
13 December 2001 - AVP Virus Alert: I-Worm.Gokar
Kaspersky Lab has detected a new Internet-worm : I-Worm.Gokar. At the
moment, there are already several reported cases of infection by this
program. The worm spreads by e-mail and Internet Relay Chat (IRC)
channels.
* Click here for F-Secure Gokar Report
* Click here for NAI W32/Gokar@MM Report
Aliases: I-Worm/Gokar (Prognet), W32.Gokar.A@mm (NAV),W32/Gokar.htm
Win32.ar (CA), Wn32.HLLW.Karen (DrWeb), WORM_GOKAR.A (Trend)
06 December 2001 - Kaspersky Labs Red Alert: I-Worm.Updater
Kaspersky Labs reports the detection of the latest Internet worm,
I-Worm.Updater. At this time, several reports of infection by this
malicious code have been reported. Updater is written in Visual Basic
Script (VBS), and the worm itself is an EXE file about 12Kb in length,
compressed in a UPX utility. The worm spreads via e-mail by gaining
access to the Outlook address book.
06 December 2001 - Free Treatment CLRAV Utility for thwarting Goner
In response to the wide-spreading infections caused by the Internet
worm Goner, Kaspersky Labs has developed a utility for the detection
and deletion of the malicious code contained in Goner. They are
offering this utility to users free of charge. In addition to
effectively fighting the Goner Internet Worm, the utility also thwarts
the network worms SirCam, Navidad, BleBla. CLRAV is also useful for
users of other anti-virus programs that may not be able to properly
detect and delete Goner.
06 December 2001 - Goner Worm Is Not A Goner Yet
Experts said there were signs that Goner's infestation was slowing,
but that it was likely to persist into next week. An antivirus
consultant for Sophos Anti-Virus in the UK said it was likely that the
number of Goner victims would be in the hundreds of thousands before
it disappeared from view. (ZDNet)
* Click here for Help & HowTo: Goner
Most of the antivirus software companies have updated their signature
files to include this worm. For more information on removing this
Goner from your system, see Central Command, F-Secure, Kaspersky,
Sophos, Symantec, and Trend Micro. (ZDNet)
05 December 2001 - Detection and removal for W32/Goner@MM
Network Associates has links for detection and removal for W32/Goner@MM
which include the EXTRA.DAT file, along with the Super EXTRA.DAT.
05 December 2001 - Latest Virus Descriptions
Warning About: Goner Mass-mailer Worm (High Alert)
* Click here for F-Secure Virus Report
Aliases: W32/Goner.A@mm, I-Worm.Goner, Gone, Pentagone, Pentagon
Release Note: Goner is a mass-mailer written in Visual Basic. It was
found on December 4th, 2001. The worm spreads itself using Outlook
e-mail messages as GONE.SCR attachment. It also spreads through ICQ
Instant Messanger if it's installed on an infected computer. It also
drops a few scripts to MIRC client directory. These scripts can be
used to flood certain IRC chat channels.
Warning About: W32/Goner@MM
* Click here for NAI Virus Report
Aliases: I-Worm.Goner (AVP), Pentagone, W32.Goner.A@mm (NAV)
W32/Goner-A (Sophos), W32/Goner.A@mm (Panda)
W32/Goner.ini, Win32.Goner.A@mm (AVX)
Release Note: This mass mailing worm attempts to send itself using
Microsoft Outlook to all entries found in the Outlook Address book.
It tries to delete security software, can spread via ICQ, and an IRC
bot script. For the email message it contains, read the report.
Warning About: W32.Goner.A@mm
* Click here for Symantec Virus Report
Release Note: Due to the increased rate of submission and level of
damage, Symantec Security Response is upgrading W32.Goner.A@mm from
Category 3 to Category 4.
Warning About: Goner: ICQ-loving Internet-Worm
* Click here for Kaspersky Lab Virus Report
Release Note: Reports of infection by this malicious program already
have been reported in many countries throughout the world.
05 December 2001 - F-Secure Removal Instructions for Badtrans.b worm
After disinfection it is recommended to scan your system with FSAV again
to ensure that no infected files are left. It is also recommended to
change your Windows domain password and RAS password as they might have
been compromised.
05 December 2001 - F-Prot Removal instructions for W32/Badtrans.B@mm
A new variant of the W95/Badtrans@mm, called W32/Badtrans.B@mm was
found in the wild on the 24th of November. Like its predecessor it has
both the characteristics of a worm and a trojan.
02 December 2001 - Virus alert: F-Secure Warns Of Email Worm BadTrans
F-Secure Corporation is alerting computer users worldwide of an email
worm called BadTrans.B. According to F-Secure, this worm is spreading
fast through email messages and installs a spying Trojan component to
steal information from infected systems. (Originally posted on Nov 26th)
* Alert at F-Prot: A new variant called W95/Badtrans.B
Top of Page
Macintosh
No warnings for December 2001
Top of Page
Linux
No warnings for December 2001
Top of Page
Miscellaneous
No warnings for December 2001
Top of Page
Back to the Virus Archives page