posted on January 19, 2004 07:23:38 PM new
Hello All,
About 1PM eastern time on the CNN tape that runs across the TV screen. I think? I caught out of the corner of my eye something about a computer worm being released out of either Ebay or PayPal. Did anyone else hear anything about this worm?
posted on January 19, 2004 07:26:53 PM new
Yes I saw it too, do you know more, it said it was targeting ebay paypal transactions, with a email worm , I think?
NEW YORK (AP) -- A new Internet virus was spreading fast throughout Asia, Australia and Europe but computer security experts were divided on the seriousness of the threat from the "Bagle" worm.
Experts expected some impact in the United States when people returned to work Tuesday after a holiday weekend.
The "Bagle" or "Beagle" worm arrives in an e-mail with the subject "hi" and the word "test" in the message body. If the accompanying attachment is executed, the worm is unleashed and tries to send itself to all e-mails listed in the user's address book.
Sometimes the attachment is designed to look like a Microsoft calculator, said David Perry, spokesman for antivirus software firm Trend Micro Inc.
The virus only affects machines running Microsoft Windows operating systems.
"It's clumsy," Perry said from Lake Forest, California, adding that most people knew better than to click on an attached calculator: "I don't get e-mails with calculators in it, do you?"
The worm started spreading on Monday and most corporations have already protected themselves against it, Perry said.
Carey Nachenberg, chief architect of Symantec Research Labs in Cupertino, California, said home users, not corporations, were most at risk because companies had protected themselves quickly.
"We could see this fizzle out in several days," Nachenberg said. "Or we could also see a lot of people infected" if they don't update their antivirus software.
Censorship, like charity, should begin at home; but unlike charity, it should end there --Clare Booth Luce
A mass-mailing email worm that also spreads via P2P networks targets eBay users in a fashion similar to Mimail.J's targeting of PayPal users. The worm, dubbed W32.HLLW.Cayam@mm by antivirus vendor Symantec, was discovered on December 16, 2003.
Users who open the Cayam worm will be presented with a screen that mimics the look and feel of the legitimate eBay site. Information requested by the worm includes the user's eBay login ID and password, credit card and banking details, social security number and other personal financial details. Inputting this information provides the Cayam worm author with more than enough details to pull off credit card fraud or even complete identity theft.
Via email, the worm arrives as an attachment named eBayVerify.exe. Via KaZaA and eMule P2P networks, the worm disguises itself as Mayacrack.exe and 3dsmaxcrack.exe, respectively. Crack programs are frequently sought after on filesharing networks by users who wish to illegally break into copies of software in violation of copyright. There is an odd sort of irony to a worm which attempts to steal financial details from persons who are stealing software.
Using addresses found in the Windows address book, the Cayam worm composes and sends itself via email as follows:
Subject: Verify your eBay account information
Dear Ebay user,
Dear valued member, It has come to our attention that your eBay Billing Information records are out of date. That requires you to update the Billing Information If you could please take 5-10 minutes out of your online experience and update your billing records, you will not run into any future problems with eBay`s online service. However, failure to update your records will result in account termination. Please update your records in maximum 24 hours. Once you have updated your account records, your eBay session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.
Please open attachment to update your billing records.
Thank you for your time!
Marry Kimmel,
Method of infection
The Cayam worm drops copies of itself as follows:
Virus writers are using spam and a Trojan horse program to deliver new worm.
Paul Roberts, IDG News Service
Thursday, January 15, 2004
After releasing a new version of the Mimail e-mail worm last week, virus authors are using a new tool to help it spread: spam e-mail containing a Trojan horse program that, once installed, retrieves and installs the worm.
The new threat, which targets customers of EBay's PayPal online payment service, highlights a growing trend in which online criminals combine computer viruses, spam distribution techniques, Trojan horse programs, and "phishing" scams to circumvent security technology and fool Internet users, says Carole Theriault, security consultant at Sophos in Abingdon, England.
Antivirus companies including Sophos and Kaspersky Labs warned customers Thursday about the new threat, which arrives in e-mail in-boxes as a message purporting to come from online payment service PayPal.
Get the Message
The message subject line is "PAYPAL.COM NEW YEAR OFFER" and it reads, in part: "for a limited time only PayPal is offering to add 10 percent of the total balance in your PayPal account to your account and all you have to do is register yourself within the next five business days with our application (see attachment)!"
For their computers to be infected, users who open the compressed Zip file attached to the e-mail must then open a second file, which installs a Trojan horse program. That program connects to a Web site in Russia and retrieves the latest version of the Mimail worm, Mimail-N, Theriault says.
Once installed, Mimail-N alters the configuration of Microsoft Windows so that the worm is launched whenever Windows starts, harvests e-mail addresses from the computer's hard drive, and mails copies of itself out to those addresses. It also creates phony PayPal Web pages used to prompt the user to enter credit card numbers and other personal information, according to an alert issued by Kaspersky Labs.
Information that is harvested is sent to the same Russian Internet site from which the Mimail worm was retrieved, Theriault says.
New Strategy
The strategy of using a Trojan program to retrieve the new virus is unorthodox, and may be intended to circumvent antivirus products that have already been updated to spot the new versions of Mimail, she says.
Trojan horse programs cannot spread on their own, like e-mail or Internet worms, but they do provide a new way to infiltrate a computer on a network that is using antivirus protection at the e-mail gateway. If the antivirus product has not been updated to detect the new Trojan program, e-mail messages containing it can slip by those defenses and be opened by users, she says.
The biggest impact of the new worm will be on home Internet users who have not installed desktop antivirus or firewall products, she says.
Even if users end up falling for the ruse, organizations that use firewalls and desktop antivirus products should be able to spot the Trojan program once it is installed on the desktop or prevent it from connecting to the outside server and retrieving a copy of the Mimail worm, she says.
Censorship, like charity, should begin at home; but unlike charity, it should end there --Clare Booth Luce
posted on January 19, 2004 08:55:32 PM new
I received two emails today. One had the Bagle virus and other was a total shut down of the receivers mail box due to a virus. Both said I sent the emails but I have never sent to either of the addresses. I have virus protection from my ISP that is updated every 15 minutes. I have no idea who the emails were from as I don't recognize the address. I called my ISP and evidently I am in someone's mail box and it was sent to me. Whew. I guess I dodged a bullet.
posted on January 19, 2004 10:01:23 PM new
Just out of curiosity... Can anyone explain to me why someone would randomly install emailed programs on their computer?
~~~ • ~~~ • ~~~ • ~~~ • ~~~
If it's really "common" sense, why do so few people actually have it?
posted on January 20, 2004 05:38:13 AM new
trojans, viruses and worms, oh my....
___________________________________
Mi abuelita me dijo "en boca cerrada no entran moscas".
posted on January 20, 2004 07:00:33 AM new
Isn't it just a matter of time until the "Bad Guys" clone sellers' email addresses and send "End of Auction" notices with bogus PayPal links?? This whole notion of accessing PayPal through an email has me nervous!
posted on January 21, 2004 05:13:48 AM newCan anyone explain to me why someone would randomly install emailed programs on their computer?
I dunno. Maybe the lure of getting something for nothing? Never, never, ever open an email attachement from anyone. That's my motto. Not even from people you know. They may have a virus on their machines. Everyone I email knows that if they send me a forwarded message that comes as an attachment, I will not open it. We need to make these scumbags get a life.
posted on January 21, 2004 06:34:39 AM new
The sad part is the more of a challenge, the more of a target you are, so even if you think you are doing everything safe....
Anyway, you really think these AV people put out the software and then sit back and do nothing for 2 years?! How the hell would they keep their jobs? I may be paranoid, but I don't really think they are NOT part of the whole virus/hacking community to begin with.