LangaList Std Edition 2004-03-08
Friday, March 12, 2004
LangaList Std Edition 2004-03-08: "2) A Virus Warning from the Langa List (Fred Langa)"There's a malicious worm that's been around for a while, but that exploded last week; it masquerades as a message from an ISP or web site--- Verizon, AOL, and others; even from me ('Dear user of Langa.com e-mail...' or something similar). The email usually arrives with a password-protected Zip file attachment that contains executable files. The email text tells you how to open it to 'protect yourself from spam' or to 'reset your email account' or some such.
"DO NOT OPEN THE FILE! It's not really from me--- or Verizon, or AOL, or whomever. No responsible party will *ever* send you an executable file, unasked for, out of the blue. I certainly will never, ever do so.
"In this case, the file is a trojan designed to infect your system. The worm-writers placed the payload in a password-protected file to try to hide from some anti-virus tools. They also crafted the worm to do an unusually good job of spoofing the formats and headers--- it can look quite legitimate, at first glance.
"At first, I was amused when I got emails addressed to me from 'The Langa.Com team.' Well, the 'Langa.Com team' is just me, and I knew I didn't send the message, so I knew it was a fake and deleted it. (My systems here never were infected by this worm; no infected mails originated from me.)
But I then got hundreds more copies of the worm--- and many of you did, too--- and it was no longer funny.
This particular attack seems to have started from a user at Centurytel.net, but it's hard to say for sure. In any case, don't be fooled: JUST DELETE THE FILE AND THE EMAIL. In fact, that's a sensible precaution for any unasked for attachment that shows up in your mail: When in doubt--- any doubt at all--- toss it out."
More information (from the Symantec/Norton Antivirus people): http://langa.com/u/3j.htm
If you think you've been infected, a free removal tool is available from Symantec at
http://langa.com/u/3k.htm
