1/28/2005 - W32/Bagle.bj
The name may change depending on which anti-virus program you use.
W32/Bagle.bj@MM is a Medium Risk mass-mailing worm that
tries to open a backdoor on your PC. Carried inside an email
attachment, the virus spreads by emailing itself to stolen
contacts and via file-sharing programs such as KaZaa,
Bearshare and Limewire. Like its many predecessors,
W32/Bagle.bj also tries to turn off anti-virus and other
security software protection.
Updated McAfee VirusScan users with DAT 4423 are
protected from this threat. Note: To fortify anti-virus
defense against viruses that carry backdoor payloads, we
recommend installing McAfee Personal Firewall Plus: http://us.mcafee.com/root/campaign.asp?cid=11276
--> What should I look for?
FROM: Varies (spoofed)
SUBJECT: Examples: Delivery service mail, Delivery by mail,
Registration is accepted, Is delivered mail, You are made
active
BODY: Examples: Thanks for use of our software. Before use
read the help.
ATTACHMENT: Examples: wsd01, viupd02, siupd02, guupd02,
zupd02, upd02, Jol03 (with an extension of .exe,
.scr, .com or .cpl)
--> How do I know if I've been infected?
Unexpected communication ports open on the infected machine.
Outgoing messages with the noted body content and attachments.
--> How do I find out more?
View details about W32/Bagle.bj@MM here.
http://us.mcafee.com/root/campaign.asp?cid=13415
W32/Zafi.b@MM
W32/Zafi.b@MM is a Medium Risk mass-mailing worm that
spreads via email and peer-to-peer applications.
When spreading via email, the worm will both spoof the
sender's From address and send itself out in different
languages depending on the top level domain of the
recipient's email address. For example, if the address ends
in .COM, the virus's email body will appear in English. If
the address ends in .DE, the email will appear in German.
The worm also attempts to cripple anti-virus and firewall
software installed on a user's system by locating and
overwriting a user's security software with copies of itself.
Furthermore, the worm will attempt to thwart manual detection
by terminating key Windows processes.
------------------------------------------------------------
WHAT TO LOOK FOR:
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Varies. Examples:
- You've got 1 VoiceMessage!
- Don't worry, be happy!
- Check this out kid!!!
BODY: Varies.
- Hi Honey! I'm in hurry, but i still love ya... (as you can
see on the picture) Bye - Bye:
- Send me back bro, when you'll be done...(if you know what
i mean...) See ya,
ATTACHMENT: Varies. The worm will be attached with a .pif
file extension.
Scan for W32/Zafi.b@MM:
==> http://us.mcafee.com/root/campaign.asp?cid=10564
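An added example, not part of the original alerts or of McAfee's tooling: a Python triage check that flags a message matching the subject, attachment-name and attachment-extension indicators listed above for W32/Bagle.bj and W32/Zafi.b. The function names, the example.com address and the sample messages are constructed for illustration; both alerts give their indicators as examples, so an empty result does not mean a message is clean.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the two alerts above. Both alerts call them examples,
# so treat a match as a reason to quarantine, not a miss as proof of safety.
BAGLE_EXTS = {".exe", ".scr", ".com", ".cpl"}
BAGLE_NAMES = {"wsd01", "viupd02", "siupd02", "guupd02", "zupd02", "upd02", "jol03"}
BAGLE_SUBJECTS = {"delivery service mail", "delivery by mail",
                  "registration is accepted", "is delivered mail",
                  "you are made active"}
ZAFI_EXT = ".pif"
ZAFI_SUBJECTS = {"you've got 1 voicemessage!", "don't worry, be happy!",
                 "check this out kid!!!"}


def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches the alert indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    hits = []
    if subject in BAGLE_SUBJECTS:
        hits.append("subject:bagle.bj")
    if subject in ZAFI_SUBJECTS:
        hits.append("subject:zafi.b")
    for part in msg.iter_attachments():
        # splitext keeps only the last extension, so "photo.jpg.pif" is .pif.
        stem, ext = os.path.splitext((part.get_filename() or "").strip().lower())
        if ext in BAGLE_EXTS or ext == ZAFI_EXT:
            hits.append(f"attachment-ext:{ext}")
        if ext in BAGLE_EXTS and stem in BAGLE_NAMES:
            hits.append("attachment-name:bagle.bj")
    return hits


def sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(sample("Delivery by mail", "wsd01.exe")))
    print(triage(sample("Meeting notes", "agenda.txt")))
```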
W32.Bagle
Since Wednesday, a new worm, W32.Bagle.J, has been released.
We have seen three different messages (see below); each message has a zipped
file attached.
The message asks you to run the attachment and enter a code.
Our virus scanners are currently recognizing and blocking this virus.
For further information about this virus, including removal tools, use
the following link.
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html
Example 1: Dear user, the management of 2z.net mailing system wants to let
Example 2: Dear user, the management of 2z.net mailing system wants to let you
Example 3: Dear user of e-mail server "2z.net",