Virus Alerts

Most Common Viruses Virus Alert – Bagle Virus Alert – Netsky Virus Alert – Sasser.B Virus Alert – Sober.F Virus Alert – W32.Wallon.A ALERT: Bagle Virus Bagle.U is the 21st version of an e-mail worm that first appeared in January. Once opened, Bagle.U opens a back door to infected systems, emails copies of itself to email addresses it harvested from files within the infected machine. The Bagle virus spoofs the sender address by using a harvested address in the “From”: field of the email. The Bagle virus listens on TCP port 4751 for remote connections. It attempts to notify the author that the infected system is ready to accept commands, by contacting various remote websites. More information on the Bagle virus is available at the following websites: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.v@mm.html http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101141 http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.U ALERT: Netsky Virus Netsky is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. This worm also searches drives C through Z for folder names containing "Share" or "Sharing," and then copies itself to those folders. More information on the Netsky virus is available at the following websites: http://sophos.com/virusinfo/analyses/w32netskyq.html http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q@mm.html http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101145 ALERT: SASSER.B Virus Win32/Sasser.B.worm is a slightly modified variant of the Win32/Sasser.worm. It is exploiting the LSASS vulnerability patched in MS04-11 in order to spread. Patched computers are not infected by this worm. W32.Sasser.B.Worm can run on (but not infect) Windows 95/98/Me computers. More information on the Sasser.B virus is available at the following websites: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.B http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html ALERT: Sober.F Virus Sober.F is a variant of Sober.E, a mass-mailing worm. Sober spreads itself via email. The subject of the email varies, and it will be in either English or German. More information on the Sober virus is available at the following websites: http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.f@mm.html http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBER.F http://msn.mcafee.com/virusInfo/default.asp?id=description&virus_k=101154 ALERT: W32.Wallon.A Worm W32.Wallon.A is a mass-mailing worm that exploits the MHTML vulnerability found in Outlook Express to download files without the user’s knowledge. This worm sends out an HTML-based email message containing a hyperlink. This link redirects the user to a Web site that downloads some of this worm's components into the system. More information on the W32.Wallon.A Worm virus is available at the following websites: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WALLON.A http://securityresponse.symantec.com/avcenter/venc/data/w32.wallon.a@mm.html http://ca.mcafee.com/virusInfo/default.asp?id=description&virus_k=125096 What to do if you think your computer is infected If you think your computer is infected, first try getting the latest updates from your anti-virus vendor and run a system scan to detect and remove any virus found. Alternatively you can use a free online virus scanner such as Trend Micro's Free Online Virus Scanner Important! Windows ME and XP users: Before disinfecting your computer, you should turn off System Restore. After you have finished disinfecting, turn System Restore back on.