Alan
Posted May 2, 2004

Ok, here is the thing, today I got this message:

Subject: Important
From: alan@tinywizard.net
Date: Sun, May 2, 2004 1:15 pm
To: alan@tinywizard.com
Priority: High

And it contained:

Important!
Attachments: Part-2.zip 29 k [ application/octet-stream ] download

And it flagged:

Norton AntiVirus has detected a virus in 'Part-2.zip'.

I know this has been asked a lot, but how could someone be sending viruses with my e-mail account, to me? I am going to switch to a new e-mail account so that maybe it will stop.

Alan
Posted May 2, 2004

The flag is as follows:

High Risk
Object Name: C:\Documents and Settings\NetDownloads\Part-2[1].zip
Virus Name: W32.Netsky.Z@mm
Action Taken: Unable to repair this file.

(Because it is not on my PC, just in my email, it stops me from downloading them)

TCH-Bruce
Posted May 2, 2004 (edited)

Alan, here is the info on this virus.

Netsky.Z sends itself via e-mail using its own SMTP engine. Initially, it searches files with the following extensions on drives C: to Z: (excluding CDROMs) for addresses to send itself to:

adb asp cfg cgi dbx dhtm doc eml htm html jsp mbx mdx mht mmf msg nch ods oft php pl ppt rtf sht shtm stm tbb txt uin vbs wab wsh xls xml

It spoofs the 'From' address of the message by either inserting one of the e-mail addresses that it harvested from the affected machine or using the address jamainlbbbsdef@yahoo.com.

The e-mail messages generated by the worm have the following characteristics:

Possible Subjects:
Important
Document
Hello
Information
Hi

Possible Message Bodies:
Important informations!
Important textfile!
Important!
Important data!
Important bill!
Important document!
Important notice!
Important details!

The attachment is a zipped copy of the worm and uses one of the following names:
Informations.zip
Textfile.zip
Part-2.zip
Data.zip
Bill.zip
Important.zip
Notice.zip
Details.zip

When extracted, the file masquerades as a text file using a text file icon. It has two extensions, one following the other with spaces in between. For example "Textfile.zip" would contain "Textfile.txt [spaces] .exe" executable.

Backdoor Functionality

Netsky.Z opens a backdoor on TCP port 665. This allows arbitrary executable files to be uploaded to the affected machine and then executed.

Denial of Service Attack

If the date is between 2 and 5 May 2004, the worm launches a Denial of Service attack against the following addresses:
www.nibis.de
www.medinfo.ufl.edu
www.educa.ch

It performs this attack by creating multiple threads, each sending data to TCP port 80 on these addresses.

Edited May 2, 2004 by TCH-Bruce
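
An added example, not part of the original posts or of the virus description quoted above: a mail-filter style check for the disguise described there, a zip attachment whose member carries a text extension, padding spaces, then an executable extension. The function names, the executable-extension list and the sample message are assumptions made for this illustration; the sample zip is constructed and holds only harmless text.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable extensions to flag (assumed, non-exhaustive list).
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}
# Decoy extension, optional whitespace padding, then a second extension.
DOUBLE_EXT = re.compile(r"\.([A-Za-z0-9]{1,5})\s*\.([A-Za-z0-9]{1,5})\s*$")


def disguised_executable(name):
    """True if name ends in a decoy extension followed by an executable one."""
    m = DOUBLE_EXT.search(name)
    return bool(m) and m.group(2).lower() in EXEC_EXT


def suspicious_zip_members(raw_message):
    """Return (attachment, member) pairs for disguised executables in zips."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            # Only the member names are read; nothing is extracted.
            for member in zf.namelist():
                if disguised_executable(member):
                    hits.append((part.get_filename() or "", member))
    return hits


def build_sample():
    """Constructed sample: harmless zip whose member name mimics the pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Textfile.txt" + " " * 40 + ".exe", b"not an executable")
        zf.writestr("readme.txt", b"plain text")
    msg = EmailMessage()
    msg["Subject"] = "Important"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Important!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="Part-2.zip")
    return msg.as_bytes()
```

Calling `suspicious_zip_members(build_sample())` reports the padded member of `Part-2.zip` and ignores `readme.txt`; the check keys on the file name inside the archive, not on the spoofed From address.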

Alan
Posted May 2, 2004

K, I did a complete scan of my PC, just to make sure I do not have it, and I have 0, so it is not that they actually know my passwords, right?

TCH-Don
Posted May 2, 2004 (edited)

No, the virus will spoof both the To and From addresses. Once I got about 25 virus e-mails from my Dad while he was at my house visiting. My sister got infected, and it sent to everyone in her address book and spoofed the From address from the same address book. Just keep up the virus definitions.

Edited May 2, 2004 by TCH-Don

Alan
Posted May 2, 2004

Yeah, I try to update Norton at least once a day, and check for new updates from Microsoft at least once a week.