OIT Help Desk
Archived Computer Viruses
January 2004 to December 2004
Patch for IFrame flaw in Internet Explorer Released
Microsoft has released a patch for the serious IFrame flaw that was
discovered a month ago. It is available through Windows Update. You can
access
Windows Update here. Further information about this is available
from
ZDNet here. [original
article]
Updated by: Andrea at 10:46
am on
December 3,
2004
What is MarketScore and how can I remove it?
MarketScore (previously Netsetter) is a program which claims to increase
the speed of your internet connection. In reality it routes all internet
traffic on the computer through their servers, even secure (SSL)
transactions (which include buying items on-line). [original
article]
Updated by: Andrea at 3:50
pm on
December 2,
2004
QuickTime and RealPlayer Flaws
Newly discovered security flaws in Apple's QuickTime 6.x and
RealNetworks' RealPlayer 10.x expose affected computer systems to
attack. Both companies have issued updates to fix the problems.[original
article]
Updated by: Andrea at 4:50
pm on November
11,
2004
IFrame flaw in Internet Explorer
A flaw in Internet Explorer that allows a virus to infect a computer
after viewing a Web site that is setup to exploit this flaw. There is
currently no fix for this problem. Please be cautious when clicking on
any Web site links in E-mail or otherwise. This flaw is utilized by
several viruses including Mydoom. [original
article]
Updated by: Andrea at 9:48
am on
November 17, 2004
W32.Mydoom
A characteristic of this virus is that it claims to be
from the ISU support team and it is further deceptive as it contains
warnings that are worded to give an appearance of an official messages
from ISU. Newer variants use
the
IFrame flaw to infect the computer by including a Web site link that
exploits this flaw.[original
article]
Updated by: Andrea at 8:46 am
on November 12,
2004
Windows XP Service Pack 2
If your computer is configured for Automatic Updates it will download
and attempt to install itself. The update focuses on increased network
security in response to the overwhelming number of worms and viruses
which target Windows machines...[original
article]
Updated by: Andrea at 11:12 am
on August
19, 2004
W32.Korgo
This is a fast spreading computer worm that is affecting
computers simply by connecting to the Internet. No e-mail attachment
must be opened; in fact, no user interaction is required at all. And
making matters worse, traditional antivirus software won't prevent
infection, even if it's updated...[original
article]
Updated by: Andrea at 3:25 am
on June
4, 2004
Sasser
This new computer worm, (W32.Sasser.Worm), or Sasser, has
been infecting many computers on the Internet since being discovered
Saturday, May 1st. It is currently infecting a number of computers on
the ISU campus...[original
article]
Updated by: Andrea at 11:24 am
on May
4, 2004
W32.Netsky
-
Information Updated April 28, 2004
W32.Netsky is a set of mass-mailing worms.
Some variants of the worm scan drives C through Z for email addresses
and send itself to those that are found. Others copy itself to shared
drives...[original
article]
Updated by: Andrea at 7:58 pm
on March
2, 2004
W32.Beagle
-
Information Updated April 28, 2004
W32.Beagle.B@mm is a set of mass-mailing worms
that open a backdoor on varied TCP ports allowing hackers access to the
machine. The worm uses its own e-mail server to send out e-mails. It can
also send the attacker the port on which the backdoor listens and a
randomized ID number...[original
article]
Updated by: Andrea at 7:58 pm
on March
2, 2004
W32.Mydoom
- Information Updated April 20, 2004
W32.Mydoom is a set of
mass-mailing worms. This worm performs Denial of Service (DoS) attack on
various websites and opens a backdoor on varied TCP ports allowing
hackers access to the machine. Some variants of the worm may download
and execute files...[original
article]
Updated by: Andrea at 7:58 pm
on March
2, 2004
W32.Witty.Worm
The following is a caution to users of
BlackIce and RealSecure software. W32.Witty.Worm utilizes a
vulnerability in the BlackIce and RealSecure products listed below.
...[original
article]
Updated by: Andrea at 5:50 pm
on March
22, 2004
Possible Hoax - Outstanding Student Honor Society
The message below is possibly an
E-mail Hoax that has been received by students at ISU as well as other
Universities around the country...[original
article]
Updated by: Andrea at 7:01 pm
on March
5, 2004
W32.Beagle.J@mm
It has been reported that a mass mailing worm
named W32.Beagle.J@mm is spreading through e-mail. It is appears to come
in a format as addressed from: indstate.edu addresses and it is further
deceptive as it contains warnings that are worded to give an appearance
of an official messages from ISU...[original
article]
Updated by: Andrea at 1:06 pm
on March
3, 2004
W32.HLLW.Doomjuice.B
W32.HLLW.Doomjuice.B uses computers
infected by W32.Mydoom.A@mm to spread. This worm also launches a Denial
of Service (DoS) attack on the Microsoft Web site....[original
article]
Updated by: Andrea at 2:24 pm
on February 16, 2004
February 20, 2004:
W32.Mydoom.F@mm Is a mass-mailing worm that will perform a Denial
of Service (DoS) against www.microsoft.com and www.riaa.com. The worm
sets up a backdoor in an infected system, by opening TCP port 1080. This
could allow an attacker to connect to a computer and use it as a proxy
to gain access to its network resources.....[original
article]
Updated by: Andrea at 3:35 pm
February 25, 2004:
W32.Netsky.C is a mass-mailing worm that sends itself to the
email addresses it finds when scanning hard drives and mapped drives.
This worm also searches drives C through Z for the folder names
containing "Shar," and then copies itself to those folders.
....[original
article]
Updated by: Andrea at 1:52 pm
February 18, 2004:
W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine
to send itself to the email addresses it finds when scanning the hard
drives and mapped drives. This worm also searches drives C through Z for
folder names containing "Share" or "Sharing," and then copies itself to
those folders....[original
article]
Updated by: Andrea at 1:52 pm
February 18, 2004:
W32.Beagle.B@mm is a mass-mailing worm that opens a backdoor on
TCP port 8866 allowing hackers access to the machine. It can also send
the attacker the port on which the backdoor listens and a randomized ID
number....[original
article]
Updated by: Andrea at 1:52 pm
February 11, 2004:
Warning: The following is a message has been sent out by email.
The email is a hoax similar to the
Nigerian 419 scam. Subject:
CONGRATULATIONS !
FROM: THE PROMOTIONS MANAGER,...[original
article]
Updated by: Andrea at 7:40 pm
January 27, 2004:
The ISU campus e-mail system is receiving large numbers of e-mail
messages carrying the W32/Mydoom@MM mass-mailing worm. The message may
be from any source and have random subjects and messages; however they
will also have attachments. The attachment may have a variety of names,
the one we are primarily seeing is Text.zip...[original
article]
Updated by: Andrea at 11:35 am
January 20, 2004:
W32.Beagle.A@mm is a mass-mailing worm that accesses remote Web
sites and sends emails to any addresses it finds. The worm also installs
software on the infected machine that allows hackers to take control of
the computer. The e-mail subject: is "Hi"...[original
article]
Updated by: Andrea at 12:51 pm
Archived Virus and Security Alerts: