|
|
 |
11-28-2012, 12:40 PM
|
#1
|
|
Administrator
Elite Member
Join Date: Mar 2001
Location: Western NY
Posts: 40,061
|
New virus out there that's spreading rapidly?
Got this in a forwarded email:
Quote:
I wanted to give everyone a heads up that there is a Virus running rampant in the world. Looks like it came out late on November 22, and as of late yesterday (November 27), it has spread very quickly around the world. There isn’t a specific name for it, and all of the AntiVirus companies are scrambling to come up with a fix. We have been in contact with our AV vendor, who indicated that they have identified the effects of the virus and are working on a fix…
At the moment, the way to know if you have it, is that all of your files and folders are “hidden”, NOT deleted. And, files are dropped into directories with the name of sexy.exe, porn.exe, secret.exe, and password.exe. These .exe files are the virus, if you click these, it will search through all of your drives and hide everything. If you have a USB drive, the virus will be written here, for transport…
Keep this in mind when using your own personal computers at home, and most importantly, your USB drives are vulnerable. Be sure to update your AV definitions on a nightly basis.
|
Just a heads up. I heard that an area university "lost" much of their network.
|
|
|
|
11-28-2012, 08:31 PM
|
#2
|
|
Super Moderator
Elite Member
Join Date: Oct 1999
Posts: 30,563
|
Anyone interested in disabling the AutoRun attack vector can scroll down this Microsoft knowledge-base page and look for the Fix-It icons:
http://support.microsoft.com/kb/967715
This arbitrarily prevents all forms of AutoRun, malicious or otherwise, so it's a trade-off of some ease of use versus security. AutoRun worms are very common, so I opt for security.
A further countermeasure: Software Restriction Policy. If you want heavy-duty protection from exploit payloads and userland malware, it may be worth the effort. http://www.mechbgon.com/srp
|
|
|
|
|
11-29-2012, 06:00 AM
|
#3
|
|
Diamond Member
Join Date: Aug 2004
Location: North GA
Posts: 7,598
|
This has happened on a couple of the older xp machines I manage, but months ago. Its definitely not the first to do this. Its certainly neat, but annoying. The last one I've dealt with hid everything, even program files, start menu, messed with my computer, messed with device manager and made it impossible to mount any devices. Pretty thorough and I don't even know what the point was, but it created some troubles to get the files off.
__________________
 ...  ...  ... 
|
|
|
|
|
12-02-2012, 02:50 PM
|
#4
|
|
Golden Member
Join Date: May 2003
Posts: 1,906
|
Quote:
Originally Posted by mechBgon
Anyone interested in disabling the AutoRun attack vector can scroll down this Microsoft knowledge-base page and look for the Fix-It icons:
http://support.microsoft.com/kb/967715
This arbitrarily prevents all forms of AutoRun, malicious or otherwise, so it's a trade-off of some ease of use versus security. AutoRun worms are very common, so I opt for security.
A further countermeasure: Software Restriction Policy. If you want heavy-duty protection from exploit payloads and userland malware, it may be worth the effort. http://www.mechbgon.com/srp |
Even still, do I have the willpower not to run sexy.exe as admin? It could be...really, really sexy, damn those malware authors!
__________________
"Your heart is in the right place. But still, you are a very disturbed individual."
-Xionide
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 06:59 PM.
|
