Two bogus Microsoft® Security Bulletins have been discovered in circulation. Unsuspecting users who followed the link to the "patch" they offered were instead served a copy of a nasty worm. The Leave worm can detect systems already infected with the SubSeven Trojan and use that existing backdoor to plant itself on those systems as well. (A SubSeven infection leaves a machine open to anyone holding the client half of the Trojan, giving remote access with the same privileges as the logged-on user.) The Leave worm can also update itself through special plugins that it downloads automatically over the Web; as with any self-updating worm, its behaviour may change over time. Currently known versions already carry a high degree of functionality. According to F-Secure, the Leave worm can at a minimum:
- download from Web sites and run EXE files (worm plugins)
- scan IP addresses by requested mask
- connect to IRC servers and execute IRC commands
- create, move, delete, execute files on affected computer
Microsoft® has published an information bulletin advising users of the bogus alerts. A copy of the most recent false bulletin follows:
The following is a Security Bulletin from the Microsoft Product Security Notification Service.
Please do not reply to this message, as it was sent from an unattended mailbox.
********************************
- ----------------------------------------------------------------------
Title: Vulnerability in Windows systems allowing an upload of a serious virus.
Date: 10 July 2001
Software: Windows 2000
Impact: Privilege Elevation
Bulletin: MS01-039
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-039.asp
- ----------------------------------------------------------------------
Yesterday the internet has seen one of the first of it's downfalls. A virus (no name assigned yet) has been released. One with the complexity to destroy data like none seen before.
Systems affected:
=================
Microsoft Windows 95
Microsoft Windows 95b
Microsoft Windows 98
Microsoft Windows 98/SE
Microsoft Windows NT Enterprise
Microsoft Windows NT Workstation
Microsoft Windows Millenium Edition
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Service packs up to Service Pack 6 for Windows NT 3/4 Systems.
Service pack 1 and 2 for windows 2000.
Issue:
======
Officials say this virus is unique in many ways. It spreads via new forms, such as using a new vulnerability in Windows
98 allowing already infected computers to upload (send files) to non-infected computers, this means that you do not have
to download or visit a site to be infected with the virus. The infected computers are programmed to scan for computers
running Windows 9x, and Windows 2000 and uploading the virus.
-What the virus does:
The virus itself is a threat to normal users aswell as businesses. Cooper from microsoft said "This virus has the ability
to wipe out most of the internet users and the chances are it will, the risk is high, patches must be installed to affected systems." The virus itself is made for one reason and one reason only, to reproduce, destroy documents, delete mp3 files,
movie files, infect .exe files, this virus also has a unique feature that destroys the BIOS (Basic Input Output System),
which means ones that are infected would need to purchase a new motherboard.
Patch Availability:
===================
Visit
http://www.microsoft.com@%36%32%2E%35%32%2E%31%3
(The URL has been deliberately abbreviated for this article.) The bogus bulletin also reproduces the standard disclaimer and PGP signature material found on all genuine Microsoft® bulletins in an attempt to persuade recipients of its legitimacy. A pasted signature block proves nothing on its own, however: a signature copied from a real bulletin will not verify against Microsoft's published key once the message text has been changed. More visibly, the language and grammar of the bogus bulletins are nothing like those of a valid Microsoft Security Bulletin. A perceptive user will also spot the masquerading link, which places www.microsoft.com before an "@" sign. In a URL, everything before the "@" in the authority is treated as a username, so the browser ignores it and connects to the host that follows. Here that host is a dotted-decimal IP address written as percent-encoded ASCII (the "%36%32%2E..." sequence is simply the digits and dots of the address as hexadecimal escapes, not encryption), so that the reader does not recognise where the download actually comes from.
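Checking a link for this trick is mechanical once the URL's authority is taken apart. The following Python script is an added example for this article, not code from the original page or from Microsoft or F-Secure. It uses only the standard library, and the sample links it examines are constructed: the hoax-style one points at the RFC 5737 documentation address 192.0.2.1 rather than the abbreviated address in the bulletin above, and the second is the genuine bulletin URL quoted in the hoax.

```python
# Added example (not from the original article): decode a URL whose
# authority hides the real host behind a "user@" prefix, as the bogus
# bulletin's patch link does. Standard library only.
import ipaddress
import re
from urllib.parse import urlsplit, unquote


def split_authority(url: str) -> dict:
    """Break the authority of a URL into userinfo, host and port.

    Everything before the last "@" in the authority is userinfo (a username
    and optional password), which an HTTP client ignores when choosing the
    server to contact.  The host is whatever follows the "@", after
    percent-decoding, which is why "www.microsoft.com@<encoded-ip>" connects
    to the IP address and not to Microsoft.
    """
    netloc = urlsplit(url).netloc
    userinfo, at, hostport = netloc.rpartition("@")
    if not at:                      # no "@": the whole authority is host[:port]
        userinfo, hostport = "", netloc
    host, _, port = hostport.partition(":")   # bracketed IPv6 hosts are out of scope here
    return {
        "userinfo": unquote(userinfo),
        "host": unquote(host).lower(),
        "port": port,
        "host_was_encoded": "%" in host,
    }


_HOSTNAME_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def looks_like_hostname(text: str) -> bool:
    """True if text is shaped like a dotted domain name (e.g. www.example.com)."""
    return _HOSTNAME_RE.fullmatch(text) is not None


def is_ip_literal(host: str) -> bool:
    """True if host parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def describe_link(url: str) -> tuple:
    """Return (authority parts, list of warnings) for a URL.

    Warnings fire on the three tricks combined in the hoax link: a hostname
    planted in the userinfo, a percent-encoded host, and a bare IP address
    where a vendor domain would be expected.
    """
    auth = split_authority(url)
    warnings = []
    if auth["userinfo"] and looks_like_hostname(auth["userinfo"]):
        warnings.append(
            f"userinfo {auth['userinfo']!r} looks like a hostname; "
            f"the client will actually connect to {auth['host']!r}"
        )
    if auth["host_was_encoded"]:
        warnings.append("host was percent-encoded, hiding it from a casual reader")
    if is_ip_literal(auth["host"]):
        warnings.append("host is a bare IP address rather than a vendor domain")
    return auth, warnings


if __name__ == "__main__":
    # Constructed sample links. The first imitates the hoax's pattern using the
    # RFC 5737 documentation address 192.0.2.1; the second is the genuine
    # bulletin URL quoted in the article.
    samples = [
        "http://www.microsoft.com@%31%39%32%2E%30%2E%32%2E%31/patch.exe",
        "http://www.microsoft.com/technet/security/bulletin/MS01-039.asp",
    ]
    for link in samples:
        auth, warnings = describe_link(link)
        print(link)
        print("  connects to:", auth["host"] or "(none)")
        for w in warnings:
            print("  WARNING:", w)
```

Run it directly to see both links decoded; `describe_link()` returns the decoded authority and a list of warnings so the same check can be applied to links pulled out of mail bodies. The check is about what the client will connect to, not about what the link text appears to say: the userinfo is discarded before any connection is made, so a familiar domain in front of the "@" carries no weight at all.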
The original Leave worm was discovered in mid-June 2001, so users who are tricked by the bulletin but are running up-to-date antivirus software should be protected against the known variants. Because the worm can fetch new plugins over the Web, however, detection of the worm body does not guarantee that every later-downloaded component will be caught.