#1373
07/20/2001 10:21 AM
|
Joined: Jul 2000
Posts: 1,349
Member
|
Member
Joined: Jul 2000
Posts: 1,349 |
Not only has an especially lethal email virus been circulating recently, that erases your hard drive, it now appears someone has packaged the virus code in an email targeted at the UBBDev community. If you receive a message from "ludwigd" or " [email protected]" with the subject "section as well." DELETE IT IMMEDIATELY. The email contains an attachment called "CDCACHE.EXE" (of size 651.kb) that will activate the virus if run. The badly-written email message makes it appear that the file is an update for the popular Multihack mod-installation system. We at UBBDev will be working very closely with author Troy Jones ( troy@multihack.com ) to prevent this from happening again. In the mean time, please treat any impersonal or mass emails regarding UBB™ that do not come from infopop.com ubbdev.com or multihack.com with suspicion. For more information on this virus, and another similar one which is currently circulating, please click "read more" below.
|
|
|
#1374
07/20/2001 10:25 AM
|
Joined: May 2001
Posts: 254
Member
|
Member
Joined: May 2001
Posts: 254 |
I dont understand why people do this.....
QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
|
|
|
#1375
07/20/2001 10:30 AM
|
Joined: Mar 2001
Posts: 10
Junior Member
|
Junior Member
Joined: Mar 2001
Posts: 10 |
Because they think it's fun to mess up people's computers and watch the ensuing chaos. I got a weird email this morning - not from ubbdev, though - all in spanish with an attached .bat file. Very odd. I need a virus scanner 
|
|
|
#1377
07/20/2001 10:41 AM
|
Joined: Jun 2001
Posts: 25
Junior Member
|
Junior Member
Joined: Jun 2001
Posts: 25 |
yea its just loosers with too much time on their hands... if they want to code they should be writing hacks for ubb 
-joey
|
|
|
#1378
07/20/2001 10:53 AM
|
Joined: Jul 2000
Posts: 1,349
Member
|
Member
Joined: Jul 2000
Posts: 1,349 |
.bat files are executeable - don't run them.  Further info on the original virus can be found here . The virus (which is actually a worm) will be detected by many 'old' (i.e. not-the-latest) virus scanner versions, but I reccomend everyone update their scanners as a precaution. Known originating addresses for the original worm: (message: "hi! how are you?") "alex" [email protected]"Kelvindranath" [email protected]Known originating addresses for the multihack-aliased worm: "ludwigd" [email protected]Known infected attachemnt names: (sizes may vary) CDCACHE.EXE (65 kb) Document.doc.pif (142 kb) BA_ATR72.zip.com (275 kb)
|
|
|
#1379
07/20/2001 11:05 AM
|
Joined: May 2001
Posts: 2,798
Member
|
Member
Joined: May 2001
Posts: 2,798 |
Well, at least now we know how to avoid it.
|
|
|
#1380
07/20/2001 11:11 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
I got today an email called "Hippocrates" with the file Hippocrates.doc.lnk (167kb).
I saw it's a virus because of the hidden .lnk and Norton Antivirus told me it's W32.FunLove.4099... (It has nothing to do with UBBDEV)
|
|
|
#1381
07/20/2001 11:21 AM
|
Joined: Feb 2000
Posts: 4,625
Member
|
Member
Joined: Feb 2000
Posts: 4,625 |
If you receive the viruses, forward them to me at [email protected] so I can look at the viruses.
|
|
|
#1382
07/20/2001 12:34 PM
|
Joined: Jul 2001
Posts: 23
Junior Member
|
Junior Member
Joined: Jul 2001
Posts: 23 |
Those Stupid ****in Bastards!! excuse my language as i am not well known i doubt i will be sent the virus,but check attatchments VERY carefully  Joker
|
|
|
|
Joined: Apr 2001
Posts: 299
Member / MultiHacker
|
Member / MultiHacker
Joined: Apr 2001
Posts: 299 |
Wow, I am amazed that someone felt MultiHack had enough of a userbase to warrant this. heh Some kids... Of course I do NOT condone this in any way and if you have information as to who is doing this, please let me or an Admin here at UBBDev know any information you may have. Any updates to MultiHack will ONLY be released on the MultiHack web site. I have submitted the software to download.com, but other than that, www.multihack.com is the ONLY place you should download the software from. Even my beta testers while on occasion get a beta update in email, they are expecting the email from me. Please forward me any emails you get with this email/virus. I would like to examine the headers of them. Working for an ISP helps to track these people down as well so I have some other resources available to me. Standard rule of thumb though, don't run anything you get in email. If you even know who sent it to you, virus scan it anyway. Then decide if you really care what it is before you run it. More people get infected by their grandma sending them "The cute little bunny dance" than anything else. Be careful! 
|
|
|
|
Joined: Mar 2001
Posts: 22
Junior Member
|
Junior Member
Joined: Mar 2001
Posts: 22 |
Don't dis da MultiHack!  I love that program btw Troy!  Whoever has done this really isn't very nice. But it's not like it hasn't happened before. Be careful MasterMind, it's the BLUE wire... or was it red... anyhow, one false move and you are toast!  And anyone who would write a virus with a BATCH FILE is very dumb. I'm not saying that people who write batch files are dumb, heck I made a 1MB+ GAME out of a batch file! But this type of person is the worst, the have the least ammount of respect, the whip up a quick 5 second program and watch the world explode.. :rolleyes: They all need to be taught a lesson. Oh well, I never received anything at my @UBBDEV.COM account. Take care.
|
|
|
|
Joined: May 2001
Posts: 6,708
Member
|
Member
Joined: May 2001
Posts: 6,708 |
Yeah this virus has been going around hotmail.com email.com home.com email addresses so this virus can be emailed to your account too, watch out for it.
|
|
|
|
Joined: May 2001
Posts: 315
Member
|
Member
Joined: May 2001
Posts: 315 |
Yeah I was sent this Virus by my friend.. Don't know why he sent it to me but oh well. I didn't check here first for information about it, I just knew that if it is weird .dat files and .exe files being sent with the same messages for each attachment that I am not going to download it.
Thanks for the information as I can now warn other friends.
|
|
|
#1387
07/22/2001 11:22 PM
|
Joined: Jul 2001
Posts: 3
Junior Member
|
Junior Member
Joined: Jul 2001
Posts: 3 |
My co-admin, myself and a few of the members got the email on our board too. Why would someone be targeting UBB users?
|
|
|
|
Joined: May 2001
Posts: 794
Content Queen
|
Content Queen
Joined: May 2001
Posts: 794 |
I received this in two e-mails today. No way in hell was I going to open the attachment. When I tried to e-mail the yahoo back to say, "Nice try, but I wasn't born yesterday" -- the e-mail went nowhere. :rolleyes:
Sue adwoff.com
|
|
|
|
Joined: Mar 2001
Posts: 24
Junior Member
|
Junior Member
Joined: Mar 2001
Posts: 24 |
It's funny to think that people are bored enough to do this sort of thing... I use HotMail, which automatically scans for viruses, so I'm safe, though...
|
|
|
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
Don't count on it 
|
|
|
|
Joined: Nov 2000
Posts: 652
Member
|
Member
Joined: Nov 2000
Posts: 652 |
yikes, I just happen to recognize the ludwigd person who was sending this. Who ever can do something please private message me and I will fill you in on who Mr. Ludwigd is.
|
|
|
|
Joined: Aug 2000
Posts: 1,083
Kahuna
|
Kahuna
Joined: Aug 2000
Posts: 1,083 |
Why would you open attachments from people you didn't even know anyways? Besides Hotmail's virus checker will not detect all viruses. Anyways I received this virus today, and it was titled "reves" and had the following message: Hola como estas ? Te mando este archivo para que me des tu punto de vista Nos vemos pronto, gracias. And with a attached zip file that was like 145 KB. No way was I gonna open something a spanish person sent me... 
|
|
|
|
Joined: Apr 2001
Posts: 164
Member
|
Member
Joined: Apr 2001
Posts: 164 |
One person has sent this to me 5 times TODAY. I told his webmaster to make it stop. I replied but the guy's mailbox was full. I wonder why 
|
|
|
#1394
07/23/2001 11:18 PM
|
Joined: May 2001
Posts: 794
Content Queen
|
Content Queen
Joined: May 2001
Posts: 794 |
Here's the header to another e-mail I received today (actually, 2 e-mails -- both had the same message of yesterday's e-mail) Needless to say, I forwarded it to the WS_FTP people @ Ipswitch. I like to know what database of e-mail addresses this idiot hacked into.
Sue adwoff.com
|
|
|
|
Joined: Jul 2001
Posts: 1,111
Member
|
Member
Joined: Jul 2001
Posts: 1,111 |
ive been getting emails in all 5 of my email acounts that have no retrun adress on them and have teh subject of "cul" , anyone other then me getting these?
|
|
|
#1396
07/24/2001 12:05 PM
|
Joined: Oct 2000
Posts: 73
Member
|
Member
Joined: Oct 2000
Posts: 73 |
Rinkrat, happened to me to - I think I have deleted 40 files today... Different subjects and different file types; latest one was entitled "GROUPHUG"... :rolleyes:
aleina
aleina
|
|
|
#1397
07/24/2001 12:42 PM
|
Joined: Dec 2000
Posts: 1
Junior Member
|
Junior Member
Joined: Dec 2000
Posts: 1 |
http://www.sarc.com/avcenter/venc/data/ [email protected] Could be this one you are all getting. Spanish and English versions of mail with changing subject lines and content makes it sound like this one to me. Removal (automatic and manual) links are on the above page. [ July 24, 2001 12:43 PM: Message edited by: Tyke ]
|
|
|
|
Joined: May 2001
Posts: 202
Member
|
Member
Joined: May 2001
Posts: 202 |
Uhhh...
Nobody take this the wrong way, but that is my e-mail...
|
|
|
|
Joined: Aug 2000
Posts: 1,083
Kahuna
|
Kahuna
Joined: Aug 2000
Posts: 1,083 |
I'm on a roll, 6 emails now all with the following message: Hi! How are you? I send you this file in order to have your advice See you later. Thanks which doesnt even include the spanish ones... 
|
|
|
|
Joined: Oct 2000
Posts: 966
Member
|
Member
Joined: Oct 2000
Posts: 966 |
From what I've read, the only thing that is consistent about this particular virus is the way it operates, and the message, not the subject, attachment, or sender..
It grabs files from My Documents and randomly sends them to people in your address book, often with the virus embedded in them..
Oh, and make sure you scan for it before october, it's set to do some serious damage, theres a 1 in 20 chance it will totally wipe your hd then, every time you boot up..
(and right now theres a 1 in 37 chance that it will fill up all the empty space on your hd with ones and zeros every time you boot up)..
So I wouldn't say it's targeted at UBB people, just random luck that the multihack files were taken from someone and mailed onwards..
|
|
|
|
Joined: Apr 2001
Posts: 19
Junior Member
|
Junior Member
Joined: Apr 2001
Posts: 19 |
For those of you who are not aware of this already: The SIRCAM virus is a multi payload virus that seeks out the windows address book on the local machine then selects a file at random from 'My Documents' and forwards this file to all of the addresses in the address book. Many people who send/forward the email are not even aware they are doing it. The file attached can have most any extension on it. including but not limited to .exe, .com, .bat, .jpg, .pif, .gif, .doc, .txt etc... There is an online cure for this and many other viruses that can be found at http://www.sarc.com/ look under removal tools there are also online virus checkers as well. http://housecall.antivirus.com/housecall/start_pcc.asp Most of these viruses are directed at Outlook and or Outlook Express email programs. Certainly not limited to them but those are the primary/principle targets. Travis the Sircam32 virus is both in english and in spanish Both SARC and MCAFEE have guidelines on how to send them viris samples. It is highly unlikely that UBB users are directly being targeted by this or any other virus. Hysteria is the greatest threat of this or any virus. If you get a virus be calm and goto one of the above mentioned websites and follow the instructions given there to clean it from your system. After you have disinfected your system/network then you may want to send the person you got the virus from a brief note that they sent you "X virus" and they should take measures to disinfect their system as well. Garaelb Webtech for the Cyber Soap Box
Be good to you, Garaelb
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Thanks for the info Lucia and Garaelb. So the sender's email address is a viable one? And emailing the person who is listed in the "from" box should reach someone who can go to http://housecall.antivirus.com/housecall/start_pcc.asp and clean their system? Muchas gracias for the info 
|
|
|
|
Joined: May 2001
Posts: 254
Member
|
Member
Joined: May 2001
Posts: 254 |
Hmm i keep getting people sending me server.exe and lucky7.exe hmmmmmmm looks like subseven but im not messing with it  just dont download any (ANY) (AND I MEAN ANY) files you get in a e-mail unless you have a good anti-virus , check for double extensions, (or if you want to break you PC and cry to you perants and beg for a new PC) not reccomended .............
QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
|
|
|
|
Joined: Apr 2001
Posts: 164
Member
|
Member
Joined: Apr 2001
Posts: 164 |
I must have gotten 15 different versions of this today from different people. It;s gotten so bad that I made an Outlook rule to put the file in an "infected" folder and email the sender letting them know they've been bit.
|
|
|
#1405
07/26/2001 10:42 AM
|
Joined: Oct 2000
Posts: 966
Member
|
Member
Joined: Oct 2000
Posts: 966 |
Allen, yep it should be a viable address, that person will just happen to have you in their address book.. Oh, and it doesn't mail itself to EVERYONE on someone's address list, just a random few.. It's actually a startlingly well written virus that could have been a lot more destructive than it is (ie could have performed the harddrive destroying actions every single time, instead of only 1 in 30 or whatever times).. Hope this helps.. All the info I got was from Wired , if you'd like to read up more on the specifics.. One of their articles also has a link to a downloadable program that will scan for and specifically fix this virus.
|
|
|
#1406
07/26/2001 11:42 AM
|
Joined: May 2001
Posts: 88
Member
|
Member
Joined: May 2001
Posts: 88 |
heh, one of our users here at the ISP I work for got hit with 40 emails in his inbox... I went ahead and removed them off the server for him.....
I got it via email once, deleted it, and was done with it... i've got an antisir patch sitting on my desktop just in case anywayz (here at work)
|
|
|
|
Joined: May 2001
Posts: 794
Content Queen
|
Content Queen
Joined: May 2001
Posts: 794 |
What is the best way to stop this e-mail -- other than deleting it? I've set-up a number of e-mail accounts for my website, and each one is getting hit -- in addition to my two main e-mails.
Sue adwoff.com
|
|
|
#1408
07/31/2001 11:03 PM
|
Joined: May 2001
Posts: 254
Member
|
Member
Joined: May 2001
Posts: 254 |
I had a virus on my labtop that was sent to me by a guy that looked like he was one of my staff and he said i was the first to test it and i ran it and.........Lets just say i formatted my harddrive soon after. But i had 2 virus scaners both up to date neither cought it then i downloaded a trogen remover but it wouldnt help. I still have the file so if anyone wants to study it PM me.... i dont know who i can submitt it to to get help 
QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
|
|
|
#1409
08/01/2001 12:07 AM
|
Joined: Aug 2001
Posts: 2
Junior Member
|
Junior Member
Joined: Aug 2001
Posts: 2 |
|
|
|
#1410
08/01/2001 12:29 AM
|
Joined: May 2001
Posts: 254
Member
|
Member
Joined: May 2001
Posts: 254 |
QUOTES: by Link2001-------------------------"I see under the road.""When will the path end?""Boy Im tired."-------------------------
|
|
|
#1411
08/01/2001 12:59 AM
|
Joined: Apr 2001
Posts: 73
Member
|
Member
Joined: Apr 2001
Posts: 73 |
I had received about 10 emails from [email protected] all with different subjects, and all with a different program file attached. some were *.exe and some were *.bat. If you get an email from [email protected] or "Debbie/Paul" and it says: Hi! How are you? I send you this file in order to have your advice See you later. Thanks DELETE IT IMMEDIATELY!!! It, too is a virus.
|
|
|
|
Joined: Aug 2000
Posts: 1,083
Kahuna
|
Kahuna
Joined: Aug 2000
Posts: 1,083 |
Yeah we know. 
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 87
Joined: December 2001
|
|
Forums63
Topics37,575
Posts293,931
Members13,824
|
Most Online6,139 Sep 21st, 2024
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|