VIRUS ALERT! THIS IS A SNEAKY ONE!! Posted: Apr 17, 2005 10:04 AM

There is a new virus going around that the anti-virus programs don't seem to be spotting. It is contained in a zip file. If you receive any emails with a zip file attached, delete it immediately unless you know for sure what it is. The emails are signed by John Andrews; at least the one that has "Photo Approval Needed" in the subject line. it comes from collegeprep.com

The same virus is also being attached to an email stating that your website has some bad links when viewed with a Mozilla Browser. It also has a zip file attachment.

One more thing... it may not show as an attachment; it may be disguised as a web URL but if you look at it, you will see the .zip at the end. BEWARE!!! This is a bad one!

hmmm - why would an up-to-date virus checker not detect it? Are you saying that they've finally written a virus that cannot be stopped?

Whilst well intentioned, this sort of announcement can panic the unwary. Keep your virus checker up-to-date (mine has been detecting ZIPs for ages) and use your common sense when opening attachments from people you don't know.

http://housecall.trendmicro.com <-- one time free check on your PC

AVG Free <-- great virus checker (free)

Ad-aware Personal Edition <-- free spyware/trojan checker

R2

I, too, am quite sure that this is unreal. I have received many hoax e-mails that begin with the words "There is a new virus going around..." The form is so similar to its predecessors and follows the typical hoax format.

Each time a supervirus or worm of this purported magnitude has come out, the media has been all over it, reporting day and night. Check it it and within a few days, it will be listed on a hoaxbuster website.

Perhaps, it could be a hoax. I don't know that. I only know a friend sent it to me. Better to know than not know. I did not say your ware could not stop it.

I wonder if actuarial tables factor in levels of paranoia in determining life expectancy, and if yes, does it have a positive or negative influence (assuming longevity is the preference)? Note: preceding question mark is rhetorical.

argghhh, some people shouldnt even be alowed to use computers. OK LISTEN UP REGION2.. An anti-virus checker will not detect a new virus, why should it? IT IS NEW!!! They can only detect the signitures of known viri!!

As for your AV detecting .ZIPS, no it does not. A .zip is not a virus but a legitmate file type. Your av simpily scans the zip for what files are contained within it and it may or may not be a virus (most likely not!)

As most email providors now block all executible files people have started zipping their viruses to get around this block but that doesnt mean every .zip is a virus.

Lesson over..

p.s. chatter. it wasnt a hoax, the mentioned virus was a small trojan dropper which is now caught by all major anti-virus.

b00m cha!

aobuluz - thanks for the lesson - there was me thinking that I knew stuff but it turns out I don't know nuffink!

A quick search of the web reveals this posting elsewhere by someone with the same ID:

quote:

Hello.

I am the founder of Hackarmy. We have continued with our distributed denial of service attack on the bnp website and will not cease untill the hosting companys terminates the account. I read over the information posted on the bnp's website and had a good laugh. No we are not a terrorist organisation and no we are not affiliated with Al Quida.

Back to the story - Viruses tend to act in similar ways and virus checkers tend to spot these actions and flag them as suspicious. Likewise, if your virus checking software is kept current and you open a dodgy zip file then it will be detected by a virus checker. I say again - keep your system up-to-date and there would be no need to forward on Virus Alert emails unnecessary. That said, opening attachments from people you don't know should be avoided... just in case!
R2

Not sure what hackarmy is but it's nice to see I am not unique!!

If your virus checker is kept current it will still only detect KNOWN viri.... However, you are correct, if it happens that a new virus is of similar design to an allready existing one then the AV will still match signitures and report it as "POSSIBLE NEW MALWARE"

This does not keep you safe though as code can vary meaning it is possible to evade all AV signitures..

As you said, it is better to be wary of attachments from people you do not know.

"hmmm - why would an up-to-date virus checker not detect it? Are you saying that they've finally written a virus that cannot be stopped?"

A little naive i'm afraid, sorry if I sounded patronising however, a glass of wine to many last night me thinks

forgiven...

R2

Yup, I'd gotten half a zillion of these...wrote to Hotmail, who'd sent back a form letter having nothing to do with the problem. These people even used "Hotmail Safe Attachment" in many of them.

Tell-tale sign is the file size...about 50K...nothing that anyone would need to zip ;-)

They seem to be filtering them out now, but new tricks are always around the corner. AND - as it's been said, a virus checker can only work on known virii, or deviations of the same.

Just don't open any attachment or file from ANYONE, unless you know and have contacted the sender prior to opening it.

Shoot...even then be suspect, the person may have a virus they're unaware of.

"Common sense seems to be the least common commodity"

Here's a useful looking web site:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy

Speaking of warrior, wonder where warriornun dissapeared? Just made me think of her.

quote:

aobuluz

Spelled backwards is Zuluboa. Hmmm, I guess that I should find something more useful to do.

It is a Generic Malware.a!zip
It pretends to be from the admin,info,webmaster, etc official type of your own ISP. eg. admin@ your ISP. Anything from: Your password has been updated, to your payment is overdo, your account has been updated, etc. My ISP is catching it before it reaches me now, but not at first. I did not open them because it smelled like a spoof ebay does.

Some dadgum malware killed my computer!

My browser was continually being redirected to the Gary Null natural living web site. This is not a site I've ever visited voluntarily. I tried AdAware, Spybot S&D, Microsoft Antispyware, McAfee, and a few others but the scans kept coming up clean. It was driving me crazy and I posted on a couple of tech support boards without getting much help. When I e-mailed the webmaster over that web site, she said that the problem was caused by a hacker that put a bug on the pogo.com site and that others had contacted pogo and were told how to get rid of it. I don't remember ever going to pogo either, but e-mailed them and they said the problem seems to be happening when people bookmark a web site that they host. They also said they have lots of sites that change often, and they wouldn't help me with it because they don't give advice on anything other than their own software. From looking at chat boards, the bug seems to exploit a problem in the 2004 version of Firefox, which is what I was using.

I removed all the bookmarks since well before the problem started and was free of the problem for over 5 hours. I ran all the scans again, then downloaded the XP SP2 to try to keep that thing and any other junk off. The SP2 crashed the computer and I couldn't even get it to start in safe mode to do a system restore. I had to take off from work to take the computer into town. Fortunately, the computer repairman was able to save my data. The old computer would have cost more than it was worth to repair since it also had another previous problem (refused to copy anything to a disk) so now I have a different computer. It's a slightly used one that he modified and much nicer than the old one, but that dang hacker still caused the death of my other computer!!!!

Beware of what you bookmark. I never heard of bookmarking causing bugs on a computer before, but now I know it's possible.

This message has been edited. Last edited by: Falcon Gal,

Falcon, I don't blame you for being mad! I have never heard of a bookmark doing this either!! Anyway, glad you are up and running again.

Bummer!

Falcon -

Sorry to hear about your troubles, but at least you've got a new [to you] machine!

SP2 did the same thing to one of my machines - After I said 'to heck with it' and re-installed XP, I found out how I could have restored the dang machine without loosing my info (there are 5 files you need to copy from one place to another). I now make sure my backups are current, and I make use of the 'System Restore' feature

Hi Bjones, the new one is much nicer. It has an extra hard drive for backing up everything and stuff on it that the old one didn't have. It wasn't possible to back anything up on the old one because it wouldn't save anything to a disk.

Sorry to hear you lost your info. That SP2 seems to have caused a lot of problems.

I never thought that bookmarking pages could cause such problems. I thought it would be a good idea to share the story of what happened so that if anyone else runs into a hijack problem that doesn't show up on scans they'll be aware of the possibility.

I am always using the system restore. It is sort of like getting a second chance!