APFN Virus Alert
Information and Links
Evil W32.Klez e-mail worm tricks PC users
Date: Thu, 25 Apr 2002 14:57:39 +0000
From: CV <firstname.lastname@example.org>
Been getting a lot of crazy messages with crazy words/phrases? Then you
may have the Evil W32.Klez e-mail worm. You can get it
cleaned up here:
Klez is more deceptive than some previous problem e-mails, as it has a
variety of titles displayed in the subject line, and can latch on to an
e-mail address of someone a user knows and insert it in the "From"
making users more apt to open it and thus get infected.
Some of the titles listed in infected mails include:
how are you
let's be friends
so cool a flash,enjoy it
please try again
welcome to my hometown
The Garden of Eden
introduction on ADSL
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
japanese lass' sexy pictures
W32.Badtrans.B@mm Removal Tool
Virus Alert - From Sierra Times.com
HOW TO KILL THIS SUCKER
W32/Badtrans@MM Removal Instructions
From Sierra Times, J.J. Johnson
INDEX OF VIRUS ALERTS
'Code Red' worm rearing to attack Net
By Robert Lemos
July 19, 2001 2:26 PM PT
An analysis of the fast-spreading Code Red computer worm has
discovered that infected computers are programmed to attack the
White House Web site with a denial-of-service attack Thursday
evening, potentially slowing parts of the Internet to a crawl.
The worm, which is thought to have compromised more than 15,000
English-language servers running Microsoft's Web server software,
will cause every infected computer to flood the Whitehouse.gov
address with data starting at 5 p.m. PDT, according to an analysis
by network-protection company eEye Digital Security.
While the direct target of the worm's denial-of-service attack is
Whitehouse.gov, the indirect effect is that an avalanche of data
will hit the Net. Each infection--a server can be infected at least
three times--will send 400MB of data every four hours or so,
possibly leading to a massive packet storm.
"That's what I mean when I say, 'Boom!'" said Marc Maiffret, chief
hacking officer of eEye. "If this goes along what it's looking
like, parts of the Net will go down." He noted, though, that the
code could have an error that causes the worm "to screw up and not
Already, there are reports that the worm's propagation is
causing performance problems for some companies connected to the
Internet. According to data from Internet performance company
Matrix.net, the root domain servers--the central databases
connecting numerical Net addresses to Web names--are showing 20
percent packet loss. That indicates a substantial increase in data
flowing across the Net.
Even if the flood of data continues to increase as expected, it may
go unnoticed by most Web users, said Fred Cohen, a security expert
in residence at the University of New Haven and the author of the
first paper on computer worms in 1984.
"If it is handled properly, it sounds like it's easily defeated,"
he said. "All those people (whose servers have been infected) can
be notified. The Internet won't collapse; society won't end.
"Back 15 years ago, that (was) more bandwidth than the whole
Internet had, but today the Internet can handle it."
Government officials on Thursday afternoon were reviewing the eEye
analysis, according to sources. Calls to the White House were not
In June, eEye found the security vulnerability in Microsoft's
Internet Information Server that is being used by the worm. Known
as the index-server flaw, the security hole was detailed and
patched by Microsoft more than a month ago.
Although system administrators have had more than a month to plug
the hole, a large number have not.
The security hole, combined with the low priority normally given to
patching systems, may cause history to repeat itself.
In November 1988, the Cornell Internet Worm overloaded an estimated
3,000 to 4,000 servers, or about 5 percent of those connected to
the early Internet. The worm, which exploited flaws in Unix
systems, was written and released by Robert T. Morris, a Cornell
University graduate student. The effects on the early Internet are
still debated, but some estimate that traffic slowed by 15 percent
to 20 percent on average.
That may happen again.
The Code Red worm spreads by selecting 100 IP addresses, scanning
the computers associated with them for the hole and spreading to
the vulnerable machines. The worm then defaces any Web site hosted
by the server with the text: "Welcome to http://www.worm.com!
Hacked by Chinese!"
Code Red seems to deface only English-language servers, going into
hibernation on non-English versions of Microsoft's IIS software.
However, many companies in other countries use the English version
of Microsoft's software, said eEye's Maiffret.
"The majority of foreign companies run the English system, because
updates come out first in the English," he said.
According to the eEye analysis, when the coordinated universal time
hits midnight on Friday morning--5 p.m. Thursday--every worm
infection will start sending nearly 400MB of data every four hours.
An apparent side effect of the worm seems to crash several
varieties of DSL routers and higher-end network routers that direct
data around the Internet, according to posts on the Bugtraq mailing
list maintained by SecurityFocus. While apparently not an intended
consequence of the worm, the problems could exacerbate the
bandwidth problems once the data flood starts.
"Code Red" worm claims 12,000 servers
Re: "Code Red" Computer virus will reinfect networks
Sat Jul 28 14:45:05 2001
From the Norton AVCenter ....
... It is protected against in the latest Norton Anti-Virus Definitions ...
and does not affect people running Win95/98... yet!! Keep your virus definitions
up to date...!!!
Discovered on: July 16, 2001
Last Updated on: July 24, 2001 at 10:51:28 AM PDT
Due to the increased number of virus submissions, on July 20, 2001, the
Symantec AntiVirus Research Center (SARC) upgraded CodeRed
Worm from a level 2 to a level 3 virus threat.
The CodeRed Worm affects Microsoft Index Server 2.0 and the Windows
2000 Indexing service on computers running Microsoft Windows NT 4.0
and Windows 2000 that run IIS 4.0 and 5.0 Web servers. The worm
uses a known buffer overflow vulnerability contained in the file Idq.dll.
Information about this vulnerability and a Microsoft patch is located at:
System administrators are encouraged to apply the Microsoft patch to
prevent infection from this worm and other unauthorized access.
For the various ways to check for this threat and the underlying
vulnerability, or if you are using Symantec Enterprise Firewall, please
see the Additional Information section near the end of this document.
Also Known As: W32/Bady, I-Worm.Bady, Code Red, CodeRed
Infection Length: 3569
Virus Definitions: July 18, 2001
Have a Good Day :=)
----- If the People will Lead, the leaders will follow.-----
"The Constitution for the United States, Its Sources and Its Application", A Reference Work with Index, Landmark Court
Cases, and A Short History - http://www.barefootsworld.net/constit1.html
Barefoot's World - http://www.barefootsworld.net/index.html
Barefoot's World Links- http://www.barefootsworld.net/bftw.html - 800+ Links
Barefoot's Survival Page - http://www.barefootsworld.net/bfthpage.html
"We shall not cease from exploration, and the end of all our exploring will be to arrive where we started and know the place
for the first time."- T.S. Eliot
Love and Peace, Barefoot Bob Hardison
aka Barefoot Windwalker
18446 W. Holland Road, Post Falls, Id 83854, 208-773-9893
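The Symantec write-up above says the CodeRed worm uses a buffer overflow in Idq.dll on IIS 4.0/5.0, and the Lemos article says each infected server scans batches of IP addresses for the hole. Below is an added example of a log check a server administrator could run; it is not code from the page, from eEye, Symantec or Microsoft. One background fact it relies on is not stated on the page: IIS routes requests for URLs ending in .ida and .idq to Idq.dll, so an overlong request to such a URL is the way the overflow is reached. The exact request the worm sends is not given on the page, so the detector keys on the URL extension and the query length rather than a fixed signature; the 200-byte threshold and the sample log lines are assumptions, and the log lines are constructed, not real traffic.

```python
"""Flag IIS log records that look like attempts on the Idq.dll overflow.

Added example, not from the page or any vendor. Background fact not on the
page: IIS hands .ida/.idq requests to Idq.dll, so an oversized query to such
a URL is the overflow vector. The threshold and sample log are assumptions.
"""
import re
from collections import Counter

# Extensions served by Idq.dll (background fact; the page only names the DLL).
IDQ_EXTENSIONS = (".ida", ".idq")
# Assumed threshold: real Index Server queries are short; a query string of
# hundreds of bytes aimed at Idq.dll is worth an alert.
MAX_QUERY_BYTES = 200

# W3C extended log reduced to: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<cip>\S+) (?P<method>\S+) "
    r"(?P<stem>\S+) (?P<query>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Return the fields of one log record as a dict, or None if the line is not a record."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_idq_overflow_attempt(entry):
    """True when the request targets an Idq.dll URL with an oversized query string."""
    if not entry["stem"].lower().endswith(IDQ_EXTENSIONS):
        return False
    query = entry["query"]
    if query == "-":  # W3C logs write "-" for an empty query
        return False
    return len(query.encode("utf-8")) > MAX_QUERY_BYTES


def scan_log(lines):
    """Return (hits, per_source): the flagged records and a count of them per client IP.

    The per-source count matters because, per the article above, every infected
    host scans other servers, so one IP hitting repeatedly is itself an infected box.
    """
    hits = [e for e in map(parse_line, lines) if e and is_idq_overflow_attempt(e)]
    return hits, Counter(e["cip"] for e in hits)


# Constructed sample log (not real traffic). Client addresses are documentation ranges.
SAMPLE_LOG = [
    "2001-07-19 10:12:01 10.0.0.5 GET /default.htm - 200",
    "2001-07-19 10:12:07 192.0.2.44 GET /default.ida " + "N" * 240 + " 200",
    "2001-07-19 10:13:00 10.0.0.9 GET /query.ida CiRestriction=budget 200",
    "2001-07-19 10:13:30 198.51.100.7 GET /default.ida " + "X" * 300 + " 404",
    "2001-07-19 10:14:02 192.0.2.44 GET /default.ida " + "N" * 240 + " 200",
    "this line is not a log record",
]

if __name__ == "__main__":
    hits, per_source = scan_log(SAMPLE_LOG)
    for e in hits:
        print(f"{e['date']} {e['time']} {e['cip']} {e['stem']} "
              f"query={len(e['query'])} bytes status={e['status']}")
    print("suspect sources:", dict(per_source))
```

A 404 on the flagged request does not mean the server was safe: the ISAPI mapping, not the file, is what reaches Idq.dll. Treat every hit as a probe from an infected host, and treat a 200 on a flagged request as a reason to check the server for the defacement text and the patch level.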
Trend Micro's free on-line virus scanner
Virus Information Center
Virus Hoaxes A - Z
Frequently Asked Questions (FAQs)
Badtrans worm carries a password-stealing Trojan
This mass-mailing worm lives up to its name by potentially clogging e-mail traffic on servers.
Badtrans is an Internet worm that sends copies of itself by replying to all unread e-mail found on the infected computer. Badtrans also carries a password-stealing Trojan horse. Although Badtrans does not damage the infected computer, it may shut down e-mail servers due to an increase in its traffic load. Reports of Badtrans have increased worldwide, and several antivirus software vendors have upgraded their own alerts. Therefore, BadTrans is now ranked as 6 on the ZDNet Virus Meter.
How it works
Badtrans arrives as an e-mail, usually carrying a subject line in response to an e-mail you have previously sent.
AVP Virus Encyclopedia
-------- Original Message --------
Subject: Chinese hackers
Date: Tue, 24 Apr 2001 23:57:45 -0400
From: "RWInman" RWInman@mediaone.net
To: "Alpha List" email@example.com
This is a message I received from Vicki. For those of you who don't know,
she is a computer security person with Verizon (formerly GTE).
If there are steps you can take to protect yourselves, it's
probably a good idea that you do so.
This could mean an increase in virus activity as well. I have removed Vicki's
Phone number and address to keep a lot of calls from going to her office thus
interfering with her work. Vicki has never put out false information to me
or anyone that I know of, so buckle up, turn on the firewalls and update your
anti-virus protection. Turn off your live internet connection when the computer
is not being used. (I have to remember that last one) Roger Inman
The below is from Vicki - May should be an interesting month...... "U.S. & Chinese hackers
vow to wage online war"
Chinese hackers, reportedly, will begin a full-out, week-long assault
on U.S.-based computers beginning May 1, escalating the cyberwar
between the two countries. Experts say the Chinese are after quantity
and not necessarily quality hits. U.S. hackers, according to
underground chat rooms, have already begun a massive assault, which
they have dubbed "Chinakiller," on Web sites hosted in China.
SOURCE: Nando Times http://www.nandotimes.com/technology/
At the very bottom of the Technology page it is a very
busy page you may want to read it here- Technology: U.S.,
Chinese hackers vow to wage online war
By Michelle Delio, Agence France-Presse
SAN FRANCISCO (April 21, 2001 11:34 p.m. EDT http://www.nandotimes.com) -
As tensions rise between China and the United States,
computer-savvy citizens of both countries have begun to wage their own Internet
American hackers are urging each other to break into
websites hosted in China, and claim that US hackers have already penetrated
hundreds of Chinese websites.
Chinese hackers are vowing to retaliate with a week-long attack on
US-based websites and computer networks, starting May 1.
Security experts warn that these attacks could affect government systems,
and that outside of government all website owners and network
administrators should ensure their networks are well-protected.
"These guys don't care who you are, they are just interested in how many
sites they can hit. Basically they are just out there collecting
scalps," said "Taltos," a security consultant and hacker from Budapest,
Hungary who has been closely following the underground online discussions on the
Chinese-US hack attacks.
Messages posted on some of the underground Internet chat rooms indicate
that US hackers plan to continue the blitz they have dubbed the
"ChinaKiller." And on the Chinese side, "Many people here are frustrated with America.
We want to tell you what we think is wrong, but our government is
too polite. So we will say it on everyone's Internet," wrote Jia En Zhu, a
22-year-old hacker who lives in Zhongguancun, a Beijing suburb, in one of
the many messages posted on the net. The Chinese hack attack is planned for May 1
through May 7th, peaking on May 4, a Chinese holiday commemorating the country's
first major student demonstration, which took place in Beijing's Tiananmen Square 82
years ago, on May 4, 1919, Zhu said.
China's people have only had access to the Internet since 1997,
but the country's hackers have been quick to use it to make political points.
The Internet has been a channel for attacks, apparently by Chinese
hackers, on US government sites in response to the May 1999 bombing of
the Chinese embassy in Belgrade, Yugoslavia, and for releasing viruses which
destroyed data on Taiwanese university servers. Taltos said that he wouldn't
be surprised to see some new and nasty computer viruses making the rounds of
the Internet during the first week of May. "If this cyberwar goes forward as
planned, many Internet users will be caught in the crossfire. So it's especially
important to practice safe computing during the first week of May."
American Patriot Friends Network (APFN)
"If ye love wealth better than liberty, the tranquility of servitude better
than the animating contest of freedom, go home from us in peace. We ask
not your counsel or your arms. Crouch down and lick the hands of those
who feed you. May your chains set lightly upon you. May posterity forget
that ye were our countrymen." - Samuel Adams
Trojan lets cyber-cops plant bogus
American Patriot Friends
"...a network of net workers..."
Without Justice, there is JUST_US!
APFN Message Board
APFN Contents Page
APFN Home Page E-Mail:
Last updated 04/24/2010