Virus - Spyware - Spam - Scam - VACM Alerts from Automated PC Solutions
  Automated PC Solutions
      VACM - Virus Alerts for the Common Man

Iraqi War sparks rise in Cyber Attacks, viruses, worms, trojans (Ganda, Cult)



Greetings from The VACM Team,

In This Issue:
----------------------
- Iraqi War sparks rise in Cyber Attacks, viruses, worms, trojans (Ganda, Cult)

 You are free to forward this critical information to anyone
 you wish as long as it is not modified in any way.

 People wishing to subscribe to the VACM Alerts may do so at:
     http://apcsnh.com/vacmsign.htm


***************************************************
* The Bottom Line... two worst issues at present
***************************************************
The First Issue:
----------------------
"Ganda" cleverly lures victims and fends off Antivirus Programs.
Your knowledge and discretion are the best course of action.

The new worm, named "Ganda" (I-worm.Ganda), is clever and will
doubtless dupe the more curious users into executing its payload.

"Ganda" lures in readers with its email message, containing
interesting themes often followed by a "call to action"
that leads the more curious among us to click on and launch
the attached virus executable, despite its suspicious nature.

Payload:
  Large scale e-mailing: Sends mail to all the contacts in
     the Windows Address Book
  Modifies files: Adds code to the .exe and .scr files to
     execute the worm
  Compromises security settings: Attempts to terminate
     various security products

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Themes used in the email body include:
+
+ - cat lovers are lured by a "four kittens running around"
+        screensaver (ScreenSavers are executables, too!)
+ - a promise to display an animation the FBI "wants to stop"
+ - a screensaver that, once viewed, will make it hard for
+        anyone to say George Bush is not an alien
+ - several messages referring to nazi related themes
+ - a screensaver showing an image captured by "one of the US
+        spy satellites during one of it's missions over Iraq"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Ganda spreads via the Internet as an email with an attachment,
which, if run by the recipient, inserts itself into Windows
components and protects itself against anti-virus programs.

The worm itself is a Windows PE EXE file, 45056 bytes in size
and written in Assembler language.

Ganda takes its subject line and message body text from ten
different selections in both Swedish and English, depending on
a computer's language settings.

The attachment filename follows a fixed pattern: the name is
xx.scr, where "xx" is two random letters ranging from
"a" to "z".

Once again-  ScreenSavers (.SCR files) are executables, too!

The "Ganda" worm defends itself against anti-virus programs by
terminating active processes found to contain the following
text strings: virus, firewall, f-secure, symantec, mcafee,
pc-cillin, trend micro, kaspersky, sophos, norton.

For more detailed information, see the following Symantec page:

  http://apcsnh.com/vacm/gandainfo.html

The Second Issue:
--------------------
The Cult virus.  
The Cult worm virus email looks like this:

Subject: Hi, I sent you an eCard from BlueMountain.com

Message: To view your eCard, open the attachment.  If you
  have any comments or questions, please visit
  http:/ /www.bluemountain.com/customer/index.pd
  Thanks for using BlueMountain.com.

Attachment: BlueMountaineCard.pif
(NOTE: PIF files are executables!)

W32.HLLW.Cult@mm also attempts to spread using the KaZaA
file-sharing network.

Systems Affected:
  Windows 95, Windows 98, Windows ME, Windows NT,
  Windows 2000, Windows XP

Systems Not Affected:
  Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux

What Cult does:
  Sends mail to a randomly generated email address at
     one of the following domains: hotmail.com, msn.com,
     yahoo.com, Roadrunner.com, Earthlink.net, email.com
  Modifies files: Modifies the registry and compromises
     your security settings, allowing unauthorized access
     to infected computers.

For more detailed information, see the following Symantec page:

  http://apcsnh.com/vacm/cultinfo.html
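
Added example (not part of the original alert, and not a VACM or Symantec tool): a small Python check that flags the attachment traits described above for Ganda (xx.scr) and Cult (BlueMountaineCard.pif), plus any other .scr, .pif or .exe attachment. The names check_message, EXECUTABLE_EXTS, GANDA_NAME and CULT_NAME are hypothetical, and the sample message is constructed.

```python
import re
from email import message_from_string

# Extensions Windows runs as programs; the alert calls out .scr and .pif.
EXECUTABLE_EXTS = {".scr", ".pif", ".exe"}
# Ganda attachment name per the alert: two letters a-z followed by .scr
GANDA_NAME = re.compile(r"^[a-z]{2}\.scr$")
# Cult attachment name as quoted in the alert (compared case-insensitively)
CULT_NAME = "bluemountainecard.pif"

def check_message(raw):
    """Return a list of (filename, reason) findings for one raw e-mail."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment
        lower = name.strip().lower()
        # Use only the final extension, so "photo.jpg.scr" is still caught.
        ext = "." + lower.rsplit(".", 1)[1] if "." in lower else ""
        if GANDA_NAME.match(lower):
            findings.append((name, "matches Ganda naming (xx.scr)"))
        elif lower == CULT_NAME:
            findings.append((name, "matches Cult eCard lure"))
        elif ext in EXECUTABLE_EXTS:
            findings.append((name, "executable attachment type " + ext))
    return findings

# Constructed sample message (not a captured one); the payload is a placeholder.
SAMPLE = """\
From: someone@example.com
Subject: Screensaver
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attachment.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="qz.scr"

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, reason in check_message(SAMPLE):
        print(name, "->", reason)
```

A filename match is only a hint; the antivirus update and scan in the steps below remain the actual check.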


***************************************************
* What You Should Do
***************************************************
Do these in the order shown-

1. Be SURE your antivirus software is up to date.  To be certain,
  run an update manually.  A full system scan after the update is
  also highly advisable.

2. Long time VACM subscribers will remember our article regarding
  how to handle email attachments safely.  See our "Fear No
  Attachments" article at:

     http://www.apcsnh.com/vacm/vacm090501.html

  NEVER double-click on an attachment.  Instead, right-click
  on the attachment, do a "Save-As" and save the attachment
  to your Desktop.  This technique will give your antivirus
  software a chance to scan the attachment.

3. If you have not yet done so, harden your system further by
  referring to the VACM "HowTo" articles at:

     http://www.apcsnh.com/vacm/




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 


 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 
