Previous Thread
Next Thread
Print Thread
Rate Thread
Page 1 of 2 1 2
#1373 07/20/2001 10:21 AM
Joined: Jul 2000
Posts: 1,349
Ell
Offline
Member
Member
Offline
Joined: Jul 2000
Posts: 1,349
Not only has an especially lethal email virus been circulating recently, that erases your hard drive, it now appears someone has packaged the virus code in an email targeted at the UBBDev community.

If you receive a message from "ludwigd" or "[email protected]" with the subject "section as well." DELETE IT IMMEDIATELY. The email contains an attachment called "CDCACHE.EXE" (of size 651.kb) that will activate the virus if run.

The badly-written email message makes it appear that the file is an update for the popular Multihack mod-installation system. We at UBBDev will be working very closely with author Troy Jones ( troy@multihack.com ) to prevent this from happening again.

In the mean time, please treat any impersonal or mass emails regarding UBBâ„¢ that do not come from infopop.com ubbdev.com or multihack.com with suspicion.

For more information on this virus, and another similar one which is currently circulating, please click "read more" below.

Sponsored Links
#1374 07/20/2001 10:25 AM
Joined: May 2001
Posts: 254
Member
Member
Offline
Joined: May 2001
Posts: 254
I dont understand why people do this.....


QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
#1375 07/20/2001 10:30 AM
Joined: Mar 2001
Posts: 10
Junior Member
Junior Member
Offline
Joined: Mar 2001
Posts: 10
Because they think it's fun to mess up people's computers and watch the ensuing chaos.

I got a weird email this morning - not from ubbdev, though - all in spanish with an attached .bat file. Very odd.

I need a virus scanner smile

#1376 07/20/2001 10:40 AM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
Quote
quote:
That was probably the W32/SirCam@MM virus.

The McAfee.com Online Virus Scanner and ActiveSheild are inexpensive and work great. Their license also allows you to use it on ALL computers you own or use!

#1377 07/20/2001 10:41 AM
Joined: Jun 2001
Posts: 25
Junior Member
Junior Member
Offline
Joined: Jun 2001
Posts: 25
yea its just loosers with too much time on their hands... if they want to code they should be writing hacks for ubb smile


-joey
Sponsored Links
#1378 07/20/2001 10:53 AM
Joined: Jul 2000
Posts: 1,349
Ell
Offline
Member
Member
Offline
Joined: Jul 2000
Posts: 1,349
.bat files are executeable - don't run them. shocked

Further info on the original virus can be found here . The virus (which is actually a worm) will be detected by many 'old' (i.e. not-the-latest) virus scanner versions, but I reccomend everyone update their scanners as a precaution.

Known originating addresses for the original worm: (message: "hi! how are you?")

"alex" [email protected]
"Kelvindranath" [email protected]

Known originating addresses for the multihack-aliased worm:

"ludwigd" [email protected]

Known infected attachemnt names: (sizes may vary)

CDCACHE.EXE (65 kb)
Document.doc.pif (142 kb)
BA_ATR72.zip.com (275 kb)

#1379 07/20/2001 11:05 AM
Joined: May 2001
Posts: 2,798
Member
Member
Offline
Joined: May 2001
Posts: 2,798
Well, at least now we know how to avoid it.

#1380 07/20/2001 11:11 AM
Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Admin / Code Breaker
Offline
Joined: Mar 2001
Posts: 7,394
I got today an email called "Hippocrates" with the file Hippocrates.doc.lnk (167kb).

I saw it's a virus because of the hidden .lnk and Norton Antivirus told me it's W32.FunLove.4099... (It has nothing to do with UBBDEV)

#1381 07/20/2001 11:21 AM
Joined: Feb 2000
Posts: 4,625
Member
Member
Offline
Joined: Feb 2000
Posts: 4,625
If you receive the viruses, forward them to me at [email protected] so I can look at the viruses.

#1382 07/20/2001 12:34 PM
Joined: Jul 2001
Posts: 23
Junior Member
Junior Member
Offline
Joined: Jul 2001
Posts: 23
Those Stupid ****in Bastards!!
excuse my language

as i am not well known i doubt i will be sent the virus,but check attatchments VERY carefully smile


Joker

Sponsored Links
#1383 07/20/2001 2:17 PM
Joined: Apr 2001
Posts: 299
Member / MultiHacker
Member / MultiHacker
Offline
Joined: Apr 2001
Posts: 299
Wow, I am amazed that someone felt MultiHack had enough of a userbase to warrant this. heh Some kids...

Of course I do NOT condone this in any way and if you have information as to who is doing this, please let me or an Admin here at UBBDev know any information you may have.

Any updates to MultiHack will ONLY be released on the MultiHack web site. I have submitted the software to download.com, but other than that, www.multihack.com is the ONLY place you should download the software from.

Even my beta testers while on occasion get a beta update in email, they are expecting the email from me.

Please forward me any emails you get with this email/virus. I would like to examine the headers of them. Working for an ISP helps to track these people down as well so I have some other resources available to me.

Standard rule of thumb though, don't run anything you get in email. If you even know who sent it to you, virus scan it anyway. Then decide if you really care what it is before you run it. More people get infected by their grandma sending them "The cute little bunny dance" than anything else. Be careful! smile

#1384 07/21/2001 1:41 AM
Joined: Mar 2001
Posts: 22
Junior Member
Junior Member
Offline
Joined: Mar 2001
Posts: 22
Don't dis da MultiHack! smile

I love that program btw Troy! smile

Whoever has done this really isn't very nice. But it's not like it hasn't happened before.

Be careful MasterMind, it's the BLUE wire... or was it red... anyhow, one false move and you are toast! eek

And anyone who would write a virus with a BATCH FILE is very dumb. I'm not saying that people who write batch files are dumb, heck I made a 1MB+ GAME out of a batch file! But this type of person is the worst, the have the least ammount of respect, the whip up a quick 5 second program and watch the world explode.. :rolleyes:

They all need to be taught a lesson. Oh well, I never received anything at my @UBBDEV.COM account.

Take care.

#1385 07/21/2001 4:38 AM
Joined: May 2001
Posts: 6,708
Member
Member
Offline
Joined: May 2001
Posts: 6,708
Yeah this virus has been going around hotmail.com email.com home.com email addresses so this virus can be emailed to your account too, watch out for it.

#1386 07/22/2001 7:49 AM
Joined: May 2001
Posts: 315
Member
Member
Offline
Joined: May 2001
Posts: 315
Yeah I was sent this Virus by my friend.. Don't know why he sent it to me but oh well. I didn't check here first for information about it, I just knew that if it is weird .dat files and .exe files being sent with the same messages for each attachment that I am not going to download it.

Thanks for the information as I can now warn other friends.

#1387 07/22/2001 11:22 PM
Joined: Jul 2001
Posts: 3
Junior Member
Junior Member
Offline
Joined: Jul 2001
Posts: 3
My co-admin, myself and a few of the members got the email on our board too. Why would someone be targeting UBB users?

#1388 07/23/2001 1:16 AM
Joined: May 2001
Posts: 794
Content Queen
Content Queen
Offline
Joined: May 2001
Posts: 794
Quote
quote:
I received this in two e-mails today. No way in hell was I going to open the attachment.

When I tried to e-mail the yahoo back to say, "Nice try, but I wasn't born yesterday" -- the e-mail went nowhere. :rolleyes:


Sue
adwoff.com
#1389 07/23/2001 2:54 AM
Joined: Mar 2001
Posts: 24
Junior Member
Junior Member
Offline
Joined: Mar 2001
Posts: 24
It's funny to think that people are bored enough to do this sort of thing...
I use HotMail, which automatically scans for viruses, so I'm safe, though...

#1390 07/23/2001 3:38 AM
Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Admin / Code Breaker
Offline
Joined: Mar 2001
Posts: 7,394
Don't count on it wink

#1391 07/23/2001 2:37 PM
Joined: Nov 2000
Posts: 652
Member
Member
Offline
Joined: Nov 2000
Posts: 652
yikes, I just happen to recognize the ludwigd person who was sending this. Who ever can do something please private message me and I will fill you in on who Mr. Ludwigd is.

#1392 07/23/2001 5:42 PM
Joined: Aug 2000
Posts: 1,083
Kahuna
Kahuna
Offline
Joined: Aug 2000
Posts: 1,083
Quote
quote:
Why would you open attachments from people you didn't even know anyways? Besides Hotmail's virus checker will not detect all viruses.

Anyways I received this virus today, and it was titled "reves" and had the following message:

Hola como estas ?

Te mando este archivo para que me des tu punto de vista

Nos vemos pronto, gracias.

And with a attached zip file that was like 145 KB. No way was I gonna open something a spanish person sent me... wink


.::First place winner in the June 2001 Member Spotlight ::.
.::Zelda Xtreme::.
#1393 07/23/2001 9:35 PM
Joined: Apr 2001
Posts: 164
Member
Member
Offline
Joined: Apr 2001
Posts: 164
One person has sent this to me 5 times TODAY. I told his webmaster to make it stop. I replied but the guy's mailbox was full. I wonder why smile

#1394 07/23/2001 11:18 PM
Joined: May 2001
Posts: 794
Content Queen
Content Queen
Offline
Joined: May 2001
Posts: 794
Here's the header to another e-mail I received today (actually, 2 e-mails -- both had the same message of yesterday's e-mail)

Quote
quote:
Needless to say, I forwarded it to the WS_FTP people @ Ipswitch.

I like to know what database of e-mail addresses this idiot hacked into.


Sue
adwoff.com
#1395 07/24/2001 8:34 AM
Joined: Jul 2001
Posts: 1,111
Member
Member
Offline
Joined: Jul 2001
Posts: 1,111
ive been getting emails in all 5 of my email acounts that have no retrun adress on them and have teh subject of "cul" , anyone other then me getting these?

#1396 07/24/2001 12:05 PM
Joined: Oct 2000
Posts: 73
Member
Member
Offline
Joined: Oct 2000
Posts: 73
Rinkrat, happened to me to - I think I have deleted 40 files today... Different subjects and different file types; latest one was entitled "GROUPHUG"... :rolleyes:


aleina


aleina
#1397 07/24/2001 12:42 PM
Joined: Dec 2000
Posts: 1
Junior Member
Junior Member
Offline
Joined: Dec 2000
Posts: 1
http://www.sarc.com/avcenter/venc/data/[email protected]

Could be this one you are all getting. Spanish and English versions of mail with changing subject lines and content makes it sound like this one to me. Removal (automatic and manual) links are on the above page. eek

[ July 24, 2001 12:43 PM: Message edited by: Tyke ]

#1398 07/24/2001 4:30 PM
Joined: May 2001
Posts: 202
Member
Member
Offline
Joined: May 2001
Posts: 202
Uhhh...

Nobody take this the wrong way, but that is my e-mail...

#1399 07/24/2001 8:13 PM
Joined: Aug 2000
Posts: 1,083
Kahuna
Kahuna
Offline
Joined: Aug 2000
Posts: 1,083
I'm on a roll, 6 emails now all with the following message:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

which doesnt even include the spanish ones... smile


.::First place winner in the June 2001 Member Spotlight ::.
.::Zelda Xtreme::.
#1400 07/24/2001 9:04 PM
Joined: Oct 2000
Posts: 966
Member
Member
Offline
Joined: Oct 2000
Posts: 966
From what I've read, the only thing that is consistent about this particular virus is the way it operates, and the message, not the subject, attachment, or sender..

It grabs files from My Documents and randomly sends them to people in your address book, often with the virus embedded in them..

Oh, and make sure you scan for it before october, it's set to do some serious damage, theres a 1 in 20 chance it will totally wipe your hd then, every time you boot up..

(and right now theres a 1 in 37 chance that it will fill up all the empty space on your hd with ones and zeros every time you boot up)..

So I wouldn't say it's targeted at UBB people, just random luck that the multihack files were taken from someone and mailed onwards..

#1401 07/25/2001 4:26 PM
Joined: Apr 2001
Posts: 19
Junior Member
Junior Member
Offline
Joined: Apr 2001
Posts: 19
For those of you who are not aware of this already:

The SIRCAM virus is a multi payload virus that seeks out the windows address book on the local machine then selects a file at random from 'My Documents' and forwards this file to all of the addresses in the address book.

Many people who send/forward the email are not even aware they are doing it. The file attached can have most any extension on it. including but not limited to .exe, .com, .bat, .jpg, .pif, .gif, .doc, .txt etc...
There is an online cure for this and many other viruses that can be found at http://www.sarc.com/
look under removal tools

there are also online virus checkers as well.
http://housecall.antivirus.com/housecall/start_pcc.asp

Most of these viruses are directed at Outlook and or Outlook Express email programs. Certainly not limited to them but those are the primary/principle targets.

Travis
the Sircam32 virus is both in english and in spanish

Both SARC and MCAFEE have guidelines on how to send them viris samples.

It is highly unlikely that UBB users are directly being targeted by this or any other virus. Hysteria is the greatest threat of this or any virus. If you get a virus be calm and goto one of the above mentioned websites and follow the instructions given there to clean it from your system.

After you have disinfected your system/network then you may want to send the person you got the virus from a brief note that they sent you "X virus" and they should take measures to disinfect their system as well.

Garaelb Webtech for the Cyber Soap Box


Be good to you,
Garaelb
#1402 07/25/2001 4:49 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Thanks for the info Lucia and Garaelb. So the sender's email address is a viable one? And emailing the person who is listed in the "from" box should reach someone who can go to http://housecall.antivirus.com/housecall/start_pcc.asp and clean their system?

Muchas gracias for the info smile


- Allen wavey
- What Drives You?
#1403 07/25/2001 7:44 PM
Joined: May 2001
Posts: 254
Member
Member
Offline
Joined: May 2001
Posts: 254
Hmm i keep getting people sending me server.exe and lucky7.exe hmmmmmmm looks like subseven but im not messing with it tipsy just dont download any (ANY) (AND I MEAN ANY) files you get in a e-mail unless you have a good anti-virus , check for double extensions, (or if you want to break you PC and cry to you perants and beg for a new PC) not reccomended .............


QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
#1404 07/26/2001 1:25 AM
Joined: Apr 2001
Posts: 164
Member
Member
Offline
Joined: Apr 2001
Posts: 164
I must have gotten 15 different versions of this today from different people. It;s gotten so bad that I made an Outlook rule to put the file in an "infected" folder and email the sender letting them know they've been bit.

#1405 07/26/2001 10:42 AM
Joined: Oct 2000
Posts: 966
Member
Member
Offline
Joined: Oct 2000
Posts: 966
Allen, yep it should be a viable address, that person will just happen to have you in their address book..

Oh, and it doesn't mail itself to EVERYONE on someone's address list, just a random few..

It's actually a startlingly well written virus that could have been a lot more destructive than it is (ie could have performed the harddrive destroying actions every single time, instead of only 1 in 30 or whatever times)..

Hope this helps.. All the info I got was from Wired , if you'd like to read up more on the specifics.. One of their articles also has a link to a downloadable program that will scan for and specifically fix this virus.

#1406 07/26/2001 11:42 AM
Joined: May 2001
Posts: 88
Member
Member
Offline
Joined: May 2001
Posts: 88
heh, one of our users here at the ISP I work for got hit with 40 emails in his inbox... I went ahead and removed them off the server for him.....

I got it via email once, deleted it, and was done with it... i've got an antisir patch sitting on my desktop just in case anywayz (here at work)

#1407 07/26/2001 3:40 PM
Joined: May 2001
Posts: 794
Content Queen
Content Queen
Offline
Joined: May 2001
Posts: 794
Quote
quote:

What is the best way to stop this e-mail -- other than deleting it? I've set-up a number of e-mail accounts for my website, and each one is getting hit -- in addition to my two main e-mails.


Sue
adwoff.com
#1408 07/31/2001 11:03 PM
Joined: May 2001
Posts: 254
Member
Member
Offline
Joined: May 2001
Posts: 254
I had a virus on my labtop that was sent to me by a guy that looked like he was one of my staff and he said i was the first to test it and i ran it and.........Lets just say i formatted my harddrive soon after. But i had 2 virus scaners both up to date neither cought it then i downloaded a trogen remover but it wouldnt help. I still have the file so if anyone wants to study it PM me.... i dont know who i can submitt it to to get help frown


QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
#1409 08/01/2001 12:07 AM
Joined: Aug 2001
Posts: 2
22 Offline
Junior Member
Junior Member
Offline
Joined: Aug 2001
Posts: 2
hello

#1410 08/01/2001 12:29 AM
Joined: May 2001
Posts: 254
Member
Member
Offline
Joined: May 2001
Posts: 254
ahhhhhhhh..... hi... lol


QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
#1411 08/01/2001 12:59 AM
Joined: Apr 2001
Posts: 73
Member
Member
Offline
Joined: Apr 2001
Posts: 73
I had received about 10 emails from
[email protected] all with different subjects, and all with a different program file attached. some were *.exe and some were *.bat.

If you get an email from [email protected] or "Debbie/Paul" and it says:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

DELETE IT IMMEDIATELY!!! It, too is a virus.

#1412 08/01/2001 4:04 AM
Joined: Aug 2000
Posts: 1,083
Kahuna
Kahuna
Offline
Joined: Aug 2000
Posts: 1,083
Yeah we know. smile


.::First place winner in the June 2001 Member Spotlight ::.
.::Zelda Xtreme::.
Page 1 of 2 1 2

Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
JAISP
JAISP
PA
Posts: 449
Joined: February 2008
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Morgan 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)