VIRUS ALERT! THIS IS A SNEAKY ONE!! Posted: Apr 17, 2005 10:04 AM

There is a new virus going around that the anti-virus programs don't seem to be spotting. It is contained in a zip file. If you receive any emails with a zip file attached, delete it immediately unless you know for sure what it is. The emails are signed by John Andrews; at least the one that has "Photo Approval Needed" in the subject line. It comes from collegeprep.com.

The same virus is also being attached to an email stating that your website has some bad links when viewed with a Mozilla Browser. It also has a zip file attachment.

One more thing... it may not show as an attachment; it may be disguised as a web URL but if you look at it, you will see the .zip at the end. BEWARE!!! This is a bad one!
Trouble and the Grace to bear it, come in the same package.

hmmm - why would an up-to-date virus checker not detect it? Are you saying that they've finally written a virus that cannot be stopped?

Whilst well intentioned, this sort of announcement can panic the unwary. Keep your virus checker up-to-date (mine has been detecting ZIPs for ages) and use your common sense when opening attachments from people you don't know.

http://housecall.trendmicro.com <-- one time free check on your PC

AVG Free <-- great virus checker (free)

Ad-aware Personal Edition <-- free spyware/trojan checker

R2
I, too, am quite sure that this is unreal. I have received many hoax e-mails that begin with the words "There is a new virus going around..." The form is so similar to its predecessors and follows the typical hoax format.

Each time a supervirus or worm of this purported magnitude has come out, the media has been all over it, reporting day and night. Check it out and within a few days, it will be listed on a hoaxbuster website.
argghhh, some people shouldn't even be allowed to use computers. OK LISTEN UP REGION2.. An anti-virus checker will not detect a new virus, why should it? IT IS NEW!!! They can only detect the signatures of known viri!!

As for your AV detecting .ZIPS, no it does not. A .zip is not a virus but a legitimate file type. Your AV simply scans the zip for what files are contained within it and it may or may not be a virus (most likely not!)

As most email providers now block all executable files, people have started zipping their viruses to get around this block, but that doesn't mean every .zip is a virus.

Lesson over..

P.S. chatter: it wasn't a hoax, the mentioned virus was a small trojan dropper which is now caught by all major anti-virus.

b00m cha!
aobuluz - thanks for the lesson - there was me thinking that I knew stuff but it turns out I don't know nuffink! Razz

A quick search of the web reveals this posting elsewhere by someone with the same ID:
quote:
Hello.

I am the founder of Hackarmy. We have continued with our distributed denial of service attack on the bnp website and will not cease until the hosting companys terminates the account. I read over the information posted on the bnp's website and had a good laugh. No we are not a terrorist organisation and no we are not affiliated with Al Quida.

Back to the story - Viruses tend to act in similar ways and virus checkers tend to spot these actions and flag them as suspicious. Likewise, if your virus checking software is kept current and you open a dodgy zip file then it will be detected by a virus checker. I say again - keep your system up-to-date and there would be no need to forward on Virus Alert emails unnecessarily. That said, opening attachments from people you don't know should be avoided... just in case!
R2
Not sure what hackarmy is but it's nice to see I am not unique!!

If your virus checker is kept current it will still only detect KNOWN viri.... However, you are correct, if it happens that a new virus is of similar design to an already existing one then the AV will still match signatures and report it as "POSSIBLE NEW MALWARE"

This does not keep you safe though as code can vary meaning it is possible to evade all AV signatures..

As you said, it is better to be wary of attachments from people you do not know.

"hmmm - why would an up-to-date virus checker not detect it? Are you saying that they've finally written a virus that cannot be stopped?"

A little naive I'm afraid, sorry if I sounded patronising however, a glass of wine too many last night methinks Wink
Yup, I'd gotten half a zillion of these...wrote to Hotmail, who'd sent back a form letter having nothing to do with the problem. These people even used "Hotmail Safe Attachment" in many of them.

Tell-tale sign is the file size...about 50K...nothing that anyone would need to zip ;-)

They seem to be filtering them out now, but new tricks are always around the corner. AND - as it's been said, a virus checker can only work on known virii, or deviations of the same.

Just don't open any attachment or file from ANYONE, unless you know and have contacted the sender prior to opening it.

Shoot...even then be suspect, the person may have a virus they're unaware of.

"Common sense seems to be the least common commodity"
Some dadgum malware killed my computer! MadMadMad

My browser was continually being redirected to the Gary Null natural living web site. This is not a site I've ever visited voluntarily. I tried AdAware, Spybot S&D, Microsoft Antispyware, McAfee, and a few others but the scans kept coming up clean. It was driving me crazy and I posted on a couple of tech support boards without getting much help. When I e-mailed the webmaster over that web site, she said that the problem was caused by a hacker that put a bug on the pogo.com site and that others had contacted pogo and were told how to get rid of it. I don't remember ever going to pogo either, but e-mailed them and they said the problem seems to be happening when people bookmark a web site that they host. They also said they have lots of sites that change often, and they wouldn't help me with it because they don't give advice on anything other than their own software. From looking at chat boards, the bug seems to exploit a problem in the 2004 version of Firefox, which is what I was using.

I removed all the bookmarks since well before the problem started and was free of the problem for over 5 hours. I ran all the scans again, then downloaded the XP SP2 to try to keep that thing and any other junk off. The SP2 crashed the computer and I couldn't even get it to start in safe mode to do a system restore. I had to take off from work to take the computer into town. Fortunately, the computer repairman was able to save my data. The old computer would have cost more than it was worth to repair since it also had another previous problem (refused to copy anything to a disk) so now I have a different computer. It's a slightly used one that he modified and much nicer than the old one, but that dang hacker still caused the death of my other computer!!!! Mad

Beware of what you bookmark. I never heard of bookmarking causing bugs on a computer before, but now I know it's possible. Frown
Last edited by falcongal
Falcon -

Sorry to hear about your troubles, but at least you've got a new [to you] machine!

SP2 did the same thing to one of my machines - After I said 'to heck with it' and re-installed XP, I found out how I could have restored the dang machine without losing my info (there are 5 files you need to copy from one place to another). I now make sure my backups are current, and I make use of the 'System Restore' feature Smile
Hi Bjones, the new one is much nicer. It has an extra hard drive for backing up everything and stuff on it that the old one didn't have. Smile It wasn't possible to back anything up on the old one because it wouldn't save anything to a disk.

Sorry to hear you lost your info. Frown That SP2 seems to have caused a lot of problems.

I never thought that bookmarking pages could cause such problems. I thought it would be a good idea to share the story of what happened so that if anyone else runs into a hijack problem that doesn't show up on scans they'll be aware of the possibility.
Microsoft Windows XP Service Pack 2. It was the last BIG update package that included things like 'Security Center' and turned off windows messaging. Also had lots of bug fixes.

Unfortunately, the automatic update for SP2 doesn't work on a number of computers, and can do anything from just not installing, to trashing your registry (that's what happened to me).
quote:
argghhh, some people shouldn't even be allowed to use computers. ... anti-virus checker will not detect a new virus, why should it? IT IS NEW!!! They can only detect the signatures of known viri!!

You're right, some people shouldn't be allowed to use computers. And if understanding how an anti-virus program works is a prerequisite for computer use, then you shouldn't be allowed to use one either.

Modern Antivirus programs detect new viruses they haven't seen on a regular basis. The technique is called "heuristic analysis", and involves looking at what they do, not how they do it. For example, if it's hooking keyboard input, opening a port, and modifying explorer.exe, it's probably a virus. If it's a Word document with a macro designed to self-replicate in any way, it's probably a virus. Norton has been doing this for years.

quote:
As most email providers now block all executable files, people have started zipping their viruses to get around this block, but that doesn't mean every .zip is a virus.

Most antivirus programs used by ISPs will automatically unzip the file and scan the contents. The reason for zipping is actually to get around Microsoft Outlook, which doesn't by default allow .exe files. It's not to avoid the antivirus programs.

The exception to the above is the viruses that encrypt a zip file with a password, then include the password in the email. That makes it difficult for antivirus programs on the email server to scan, but only a couple of viruses have used that technique.

quote:
Lesson over..

There are so many sources of blatantly wrong information out there. Try not to be one yourself.
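
The attachment checks discussed in this thread (looking inside a zip for executables, and spotting a password-protected zip that a mail server cannot scan) can be sketched as follows. This is an added example, not code from any poster or antivirus product; the extension list, the verdict names and the `triage_zip` and `make_sample` functions are assumptions made for illustration.

```python
import io
import os
import zipfile

# Illustrative list of extensions a mail filter treats as executable (an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flags marks an encrypted entry


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment's directory without extracting or decrypting it."""
    report = {"executables": [], "encrypted": [], "verdict": "allow"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["verdict"] = "quarantine"  # claims to be a ZIP but does not parse
        return report
    with archive:
        for info in archive.infolist():
            # Only the last extension counts, so "photo.jpg.exe" is still caught.
            ext = os.path.splitext(info.filename.lower())[1]
            if ext in EXECUTABLE_EXTS:
                report["executables"].append(info.filename)
            if info.flag_bits & ENCRYPTED:
                report["encrypted"].append(info.filename)
    if report["executables"]:
        report["verdict"] = "block"
    elif report["encrypted"]:
        report["verdict"] = "quarantine"  # contents cannot be scanned on the server
    return report


def make_sample(name: str, encrypted: bool = False) -> bytes:
    """Build a constructed one-entry ZIP; optionally set the encrypted flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample, not real malware")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Python's zipfile cannot write encrypted entries, so flip bit 0 of the
        # flags field (offset 8) in the central directory record by hand.
        raw[raw.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in [("photo.jpg.exe", False), ("report.doc", True), ("notes.txt", False)]:
        print(name, triage_zip(make_sample(name, enc)))
```

Entry names stay readable in a password-protected archive unless the central directory itself is encrypted, so an encrypted archive holding an `.exe` is still blocked by name.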
