UBB.Developers Forums Announcements Announcements Urgent Virus Warning!

Not only has an especially lethal email virus been circulating recently, that erases your hard drive, it now appears someone has packaged the virus code in an email targeted at the UBBDev community.

If you receive a message from "ludwigd" or "[email protected]" with the subject "section as well." DELETE IT IMMEDIATELY. The email contains an attachment called "CDCACHE.EXE" (of size 651.kb) that will activate the virus if run.

The badly-written email message makes it appear that the file is an update for the popular Multihack mod-installation system. We at UBBDev will be working very closely with author Troy Jones ( troy@multihack.com ) to prevent this from happening again.

In the mean time, please treat any impersonal or mass emails regarding UBB™ that do not come from infopop.com ubbdev.com or multihack.com with suspicion.

For more information on this virus, and another similar one which is currently circulating, please click "read more" below.

I dont understand why people do this.....

Because they think it's fun to mess up people's computers and watch the ensuing chaos.

I got a weird email this morning - not from ubbdev, though - all in spanish with an attached .bat file. Very odd.

I need a virus scanner

That was probably the W32/SirCam@MM virus.

The McAfee.com Online Virus Scanner and ActiveSheild are inexpensive and work great. Their license also allows you to use it on ALL computers you own or use!

yea its just loosers with too much time on their hands... if they want to code they should be writing hacks for ubb

.bat files are executeable - don't run them.

Further info on the original virus can be found here . The virus (which is actually a worm) will be detected by many 'old' (i.e. not-the-latest) virus scanner versions, but I reccomend everyone update their scanners as a precaution.

Known originating addresses for the original worm: (message: "hi! how are you?")

"alex" [email protected]
"Kelvindranath" [email protected]

Known originating addresses for the multihack-aliased worm:

"ludwigd" [email protected]

Known infected attachemnt names: (sizes may vary)

CDCACHE.EXE (65 kb)
Document.doc.pif (142 kb)
BA_ATR72.zip.com (275 kb)

Well, at least now we know how to avoid it.

I got today an email called "Hippocrates" with the file Hippocrates.doc.lnk (167kb).

I saw it's a virus because of the hidden .lnk and Norton Antivirus told me it's W32.FunLove.4099... (It has nothing to do with UBBDEV)

If you receive the viruses, forward them to me at [email protected] so I can look at the viruses.

Those Stupid ****in Bastards!!
excuse my language

as i am not well known i doubt i will be sent the virus,but check attatchments VERY carefully


Joker

Wow, I am amazed that someone felt MultiHack had enough of a userbase to warrant this. heh Some kids...

Of course I do NOT condone this in any way and if you have information as to who is doing this, please let me or an Admin here at UBBDev know any information you may have.

Any updates to MultiHack will ONLY be released on the MultiHack web site. I have submitted the software to download.com, but other than that, www.multihack.com is the ONLY place you should download the software from.

Even my beta testers while on occasion get a beta update in email, they are expecting the email from me.

Please forward me any emails you get with this email/virus. I would like to examine the headers of them. Working for an ISP helps to track these people down as well so I have some other resources available to me.

Standard rule of thumb though, don't run anything you get in email. If you even know who sent it to you, virus scan it anyway. Then decide if you really care what it is before you run it. More people get infected by their grandma sending them "The cute little bunny dance" than anything else. Be careful!

Don't dis da MultiHack!

I love that program btw Troy!

Whoever has done this really isn't very nice. But it's not like it hasn't happened before.

Be careful MasterMind, it's the BLUE wire... or was it red... anyhow, one false move and you are toast!

And anyone who would write a virus with a BATCH FILE is very dumb. I'm not saying that people who write batch files are dumb, heck I made a 1MB+ GAME out of a batch file! But this type of person is the worst, the have the least ammount of respect, the whip up a quick 5 second program and watch the world explode.. :rolleyes:

They all need to be taught a lesson. Oh well, I never received anything at my @UBBDEV.COM account.

Take care.

Yeah this virus has been going around hotmail.com email.com home.com email addresses so this virus can be emailed to your account too, watch out for it.

Yeah I was sent this Virus by my friend.. Don't know why he sent it to me but oh well. I didn't check here first for information about it, I just knew that if it is weird .dat files and .exe files being sent with the same messages for each attachment that I am not going to download it.

Thanks for the information as I can now warn other friends.

My co-admin, myself and a few of the members got the email on our board too. Why would someone be targeting UBB users?

I received this in two e-mails today. No way in hell was I going to open the attachment.

When I tried to e-mail the yahoo back to say, "Nice try, but I wasn't born yesterday" -- the e-mail went nowhere. :rolleyes:

It's funny to think that people are bored enough to do this sort of thing...
I use HotMail, which automatically scans for viruses, so I'm safe, though...

Don't count on it

yikes, I just happen to recognize the ludwigd person who was sending this. Who ever can do something please private message me and I will fill you in on who Mr. Ludwigd is.

Why would you open attachments from people you didn't even know anyways? Besides Hotmail's virus checker will not detect all viruses.

Anyways I received this virus today, and it was titled "reves" and had the following message:

Hola como estas ?

Te mando este archivo para que me des tu punto de vista

Nos vemos pronto, gracias.

And with a attached zip file that was like 145 KB. No way was I gonna open something a spanish person sent me...

One person has sent this to me 5 times TODAY. I told his webmaster to make it stop. I replied but the guy's mailbox was full. I wonder why

Here's the header to another e-mail I received today (actually, 2 e-mails -- both had the same message of yesterday's e-mail)

Needless to say, I forwarded it to the WS_FTP people @ Ipswitch.

I like to know what database of e-mail addresses this idiot hacked into.

ive been getting emails in all 5 of my email acounts that have no retrun adress on them and have teh subject of "cul" , anyone other then me getting these?

Rinkrat, happened to me to - I think I have deleted 40 files today... Different subjects and different file types; latest one was entitled "GROUPHUG"... :rolleyes:


aleina

http://www.sarc.com/avcenter/venc/data/[email protected]

Could be this one you are all getting. Spanish and English versions of mail with changing subject lines and content makes it sound like this one to me. Removal (automatic and manual) links are on the above page.

[ July 24, 2001 12:43 PM: Message edited by: Tyke ]

Uhhh...

Nobody take this the wrong way, but that is my e-mail...

I'm on a roll, 6 emails now all with the following message:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

which doesnt even include the spanish ones...

From what I've read, the only thing that is consistent about this particular virus is the way it operates, and the message, not the subject, attachment, or sender..

It grabs files from My Documents and randomly sends them to people in your address book, often with the virus embedded in them..

Oh, and make sure you scan for it before october, it's set to do some serious damage, theres a 1 in 20 chance it will totally wipe your hd then, every time you boot up..

(and right now theres a 1 in 37 chance that it will fill up all the empty space on your hd with ones and zeros every time you boot up)..

So I wouldn't say it's targeted at UBB people, just random luck that the multihack files were taken from someone and mailed onwards..

For those of you who are not aware of this already:

The SIRCAM virus is a multi payload virus that seeks out the windows address book on the local machine then selects a file at random from 'My Documents' and forwards this file to all of the addresses in the address book.

Many people who send/forward the email are not even aware they are doing it. The file attached can have most any extension on it. including but not limited to .exe, .com, .bat, .jpg, .pif, .gif, .doc, .txt etc...
There is an online cure for this and many other viruses that can be found at http://www.sarc.com/
look under removal tools

there are also online virus checkers as well.
http://housecall.antivirus.com/housecall/start_pcc.asp

Most of these viruses are directed at Outlook and or Outlook Express email programs. Certainly not limited to them but those are the primary/principle targets.

Travis
the Sircam32 virus is both in english and in spanish

Both SARC and MCAFEE have guidelines on how to send them viris samples.

It is highly unlikely that UBB users are directly being targeted by this or any other virus. Hysteria is the greatest threat of this or any virus. If you get a virus be calm and goto one of the above mentioned websites and follow the instructions given there to clean it from your system.

After you have disinfected your system/network then you may want to send the person you got the virus from a brief note that they sent you "X virus" and they should take measures to disinfect their system as well.

Garaelb Webtech for the Cyber Soap Box

Thanks for the info Lucia and Garaelb. So the sender's email address is a viable one? And emailing the person who is listed in the "from" box should reach someone who can go to http://housecall.antivirus.com/housecall/start_pcc.asp and clean their system?

Muchas gracias for the info

Hmm i keep getting people sending me server.exe and lucky7.exe hmmmmmmm looks like subseven but im not messing with it just dont download any (ANY) (AND I MEAN ANY) files you get in a e-mail unless you have a good anti-virus , check for double extensions, (or if you want to break you PC and cry to you perants and beg for a new PC) not reccomended .............

I must have gotten 15 different versions of this today from different people. It;s gotten so bad that I made an Outlook rule to put the file in an "infected" folder and email the sender letting them know they've been bit.

Allen, yep it should be a viable address, that person will just happen to have you in their address book..

Oh, and it doesn't mail itself to EVERYONE on someone's address list, just a random few..

It's actually a startlingly well written virus that could have been a lot more destructive than it is (ie could have performed the harddrive destroying actions every single time, instead of only 1 in 30 or whatever times)..

Hope this helps.. All the info I got was from Wired , if you'd like to read up more on the specifics.. One of their articles also has a link to a downloadable program that will scan for and specifically fix this virus.

heh, one of our users here at the ISP I work for got hit with 40 emails in his inbox... I went ahead and removed them off the server for him.....

I got it via email once, deleted it, and was done with it... i've got an antisir patch sitting on my desktop just in case anywayz (here at work)

What is the best way to stop this e-mail -- other than deleting it? I've set-up a number of e-mail accounts for my website, and each one is getting hit -- in addition to my two main e-mails.

I had a virus on my labtop that was sent to me by a guy that looked like he was one of my staff and he said i was the first to test it and i ran it and.........Lets just say i formatted my harddrive soon after. But i had 2 virus scaners both up to date neither cought it then i downloaded a trogen remover but it wouldnt help. I still have the file so if anyone wants to study it PM me.... i dont know who i can submitt it to to get help

hello

ahhhhhhhh..... hi... lol

I had received about 10 emails from
[email protected] all with different subjects, and all with a different program file attached. some were *.exe and some were *.bat.

If you get an email from [email protected] or "Debbie/Paul" and it says:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

DELETE IT IMMEDIATELY!!! It, too is a virus.

Yeah we know.