New vbs virus...

sutty

yep them vbs kiddies have gone and done it again. a "new" virus

its a worm that sends its self to all the people in your contacts and edits your reg and puts in a command for it to go to a web site www.dynabyte.nl . the site it's self looks to be a real site made be a dutch company.

heres want Sophos had to say about it in there news letter:

Name: VBS/SST-A
Aliases: Kalamar.A, Calamar
Type: Visual Basic Script worm
Date: 12 February 2001

Will be detected by Sophos Anti-Virus April 2001 (3.44) or
later. A virus identity (IDE) file is available for earlier
versions.

Sophos has received several reports of this worm from the wild.

Description:

VBS/SST-A is an email-aware Visual Basic Script worm.

The worm arrives in an email with the following characteristics:

Subject line: Here you have, ;0)
Message text: Hi:
Check This!
File attachment: AnnaKournikova.jpg.vbs

The virus lures users into activating it by pretending to be a
jpeg graphic of Russian tennis player Anna Kournikova.

The first time the attached file is executed it mails itself to
everybody in your Outlook address book.

The worm makes changes to the Registry, creating an entry called
HKCUsoftwareOnTheFly.

On the 26th of January the worm attempts to connect to a website
in the Netherlands, www.dynabyte.nl


Download the IDE file from
http://www.sophos.com/downloads/ide/sst-a.ide

Read the analysis at
http://www.sophos.com/virusinfo/analyses/vbsssta.html

Download a ZIP file containing all the IDE files available for
the current version of Sophos Anti-Virus from
http://www.sophos.com/downloads/ide/ides.zip

Read about how to use IDE files at
http://www.sophos.com/downloads/ide/using.html


but if you think your mimesweeper vbs scripts will help you, you had better look again. the file went right through our mime sweeper today at about 7:15am. I had to kill all the mail servers on our exchange server. (to late for the first lot of mail's to get through) then after about four mails from my self telling people about it, and about 10 netmessages telling them not to open them. 5 people still did. which ended up infecting large software houses such as JHC and a lot of others (some of these people that opened the virus are the ones that are making out web page and looking after the tech deals for the stockbrokers)

---

Ciaran Sutcliffe
aka: sutty
[HIV]sutty
For a good time goto:
http://www.hotinternetvirgins.com

logic1

yeah this is the release we got on it at work today

<font face="Verdana, Arial" size="2">COMPUTER users were today warned to beware of a fast-spreading e-mail virus which promises a photograph of tennis star Anna Kournikova.

Experts said the new virus was spreading at twice the rate of Love Bug, which paralysed the e-mail servers of more than 100 million users last year.

The Kournikova virus tempts users with the message: "Hi: Check This!", together with what appears to be a picture file labelled "AnnaKournikova.jpg.vbs".

But clicking on the file produces no picture.

Instead, the virus e-mails itself to every address in the user's address book.

Although the virus is not believed to damage the computers it targets, it could paralyse companies' computer systems with the huge volume of e-mails it creates.

</font>

Not as thorough as yours at all Sutty but there ya go. Spreading like wild fire.. well who doesn't want to see Anna?



.logic.

Hobbes

I heard symantic's new update goes around and messes up Anna's hair+makeup so no one would want to look at her again, thus negating the awful effect of it spreading.

THE SPERMINATOR

Personaly i cant beleive ppl still open atachments form ppl they dont know.No offence ppl like these should be kept away from sharp objects and matches

Stone

sutty

want to know what the worst part of all this. about 20min after this post a 6th user got the file before we had a new script up and running.....can anyone guess what he done? well i'll tell ya....he opened it. sending it around again. giving us more fuping work that we shouldn't have to have done. then the ones that first send it around started going on about how we should of had the internet mail service up long ago

what you realy got to ask your self is.....do we realy need losers? er....i mean users

ps.... sorry but its been a realy crapy day for me so far

---

Ciaran Sutcliffe
aka: sutty
[HIV]sutty
For a good time goto:
http://www.hotinternetvirgins.com

PhilipMarlowe

<font face="Verdana, Arial" size="2">Originally posted by THE SPERMINATOR:
Personaly i cant beleive ppl still open atachments form ppl they dont know.No offence ppl like these should be kept away from sharp objects and matches

Stone </font>

Doesn't it send itself out to ppl in your adress book, therefore it would in a way be from someone you know... ?

[This message has been edited by Licksy20 (edited 13-02-2001).]

Lenny

its been on the 9 o clock news an all
by the sounds of it, it sounds major

THE SPERMINATOR

It may appear to come from a freind but surely if there freinds there would be some light banter in the e-mail i.e Hi [personal nick]Hows things hope your grannys roids have cleared up ect ect.

many of these lazy virus producers they rely heavly on people being either to stupid to green or just plain nosey.Coz it takes the reciver to actualy open an attachment [paperclip]to do its dastardly deeds.Mind you if my memory servers there was a rumors about a virus called bubbleboy that didnt >:[


Stone

And if your wondering no ive never been infected hehehehe well not with a computer virus anyways damn those public toilet seats hehehe

[This message has been edited by THE SPERMINATOR (edited 18-02-2001).]