- W32/Sober.C, a new Sober variant
considerable momentum in recent days, particularly in German
Due to its distribution W32/Sober.C@mm is estimated to be
Users of F-Prot Antivirus should update their virus signature
files immediately. W32/Sober.C is detected by F-Prot
Antivirus using virus signature files dated 20 December 2003
- Common name: Jitux.A
Technical name: W32/Jitux.A.worm
Threat level: High
It spreads via MSN Messenger. It goes memory resident and sends messages every five minutes.
Affected platforms: Windows 2003/XP/2000/NT/ME/98/95
First appeared on: Dec. 30, 2003
In circulation? Yes
Jitux.A is a worm that spreads via the instant messaging program MSN Messenger in a message that only contains a link to the web page . When the user visits this web page, a file called JITUXRAMON.EXE is downloaded.
Once the file JITUXRAMON.EXE is run, the computer is affected. Jitux.A goes memory resident and sends the message specified above to all the active contacts in Messenger's Contact list every five minutes.
Jitux.A is easy to recognize, as it reaches the computer when the user visits a link contained in a message received via MSN Messenger.
The worm spreads as an attachment to a mail message.
The worm uses its own SMTP server.
To get the user to launch the attachment containing the worm's body, named PATPAL.ASP.SCR, the attacker relies on social engineering. The subject YOUR PAYPAL.COM ACCOUNT EXPIRES and the message body, sent as if by the administrator of the on-line payment company PayPal, serve to persuade the user to open the infected file.
Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Dear PayPal member,
PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address
will be expiring within five business days....
Attached file: www.paypal.com.scr
The worm is activated only if the user opens the false form!
Win32.HLLM.Foo.25632 has been detected and disinfected by Dr.Web since November 14, 2003.
If the SpIDer Mail module is active, it protects against all messages infected by this worm.
INFORMATION COURTESY OF DR WEB SOFTWARE
The download component has been distributed in an unsolicited email, purporting to be a security update for Windows XP, sent by Microsoft.
The email has the following characteristics:
Subject: Windows XP Service Pack 1 (Express) - Critical Update.
Attachment: winxp_sp1.exe (4,096 KB)
The Trojan is packed with UPX.
Also Known As: Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x
INFORMATION COURTESY OF NORTON
Microsoft never sends patches or updates via email, so users should be aware that any such message and its attached file is probably an attempt to compromise the security of their systems.
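Both mail-borne samples above depend on the attachment name looking harmless (PATPAL.ASP.SCR, www.paypal.com.scr, winxp_sp1.exe). The following mail-gateway check is an added example, not code from any of the quoted vendors; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Illustrative lists (assumptions), not a complete blocklist.
EXECUTABLE = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs"}
DECOY = {"asp", "doc", "txt", "pdf", "jpg", "gif", "htm", "html", "zip"}
HOSTLIKE = re.compile(r"^(www\.)?[a-z0-9-]+\.(com|net|org)$")

def classify(filename):
    """Return a reason string if the attachment name is risky, else None."""
    # Windows drops trailing dots and spaces, so "x.exe. " still runs as x.exe.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return None
    stem = ".".join(parts[:-1])
    if HOSTLIKE.match(stem):
        return "executable disguised as a host name"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "executable behind a decoy extension"
    return "executable attachment"

def scan(msg):
    """List (filename, reason) for every risky attachment in a parsed message."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify(name)
        if reason:
            findings.append((name, reason))
    return findings

def sample_message():
    """Constructed test message; attachment names are the ones quoted above."""
    msg = EmailMessage()
    msg["Subject"] = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
    msg.set_content("Dear PayPal member, ...")
    for name in ("www.paypal.com.scr", "PATPAL.ASP.SCR", "winxp_sp1.exe", "notes.txt"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, reason in scan(sample_message()):
        print(f"{name}: {reason}")
```

Note that a bare name such as paypal.com is itself flagged, because .com is an executable extension on Windows.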
worm first detected on 18 January 2004. This worm has rapidly
gained momentum over the past 24 hours and has spread
Due to its distribution W32/Bagle.A@mm is estimated to be
Users of ALL Antivirus should update their virus signature
files immediately. W32/Bagle.A is detected by
Antivirus using virus signature files dated 19 January 2004
worm first detected on 26 January 2004. This worm has rapidly
gained momentum in the last few hours and has spread
Due to its distribution W32/Mydoom.A@mm is estimated to be