Spyware, Viruses, & Security forum

General discussion

Supposedly latest Worm threat called "Network Worms"

by den65 / November 19, 2006 11:18 PM PST

Like to share with all so as to compare notes. I have 2 email accounts and both received incoming mails with message "transaction failed. Partial message received". Thing is I don't recognise addresses and don't recall sending any mails to these messages. These mails come with attachments but when click on paper clip, the attachments are greyed out. Another mail with message from mail server stating their firewalls have determined that mails from my PC have been sent to them. Supposedly, a new kind of worm called network worms has managed to enter into my system. This network worms harvest email addresses and mails are being sent, apparently without the knowledge of user. Also state that many computers are affected and is advised to update antivirus and do a system restore. This particular mail also has an attachment and it can be open. But I'm wary not to do so. Did a full scan on my Norton AV '06 and also Spybot S&D and Ad-Aware but nothing came up. Not sure if the situation is genuine or a malicious trick. Appreciate any feedback if anyone has experienced the same thing.

Discussion is locked
You are posting a reply to: Supposedly latest Worm threat called "Network Worms"
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Supposedly latest Worm threat called "Network Worms"
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Could it be: W32/HLLP.Philis.bq virus ?
by Marianna Schmudlach / November 19, 2006 11:58 PM PST

BREAKING ADVISORY

November 17, 2006. Exploits have been made public for the recently patched Windows Workstation Service vulnerability (MS06-070). The exploits may lead to the creation of a self-propagating Internet worm in the near future. McAfee Avert Labs continues to monitor the situation closely. The 4889 DAT file were released early today due to increasing concern over the W32/HLLP.Philis.bq virus spreading globally.

Learn More
http://www.mcafee.com/us/threat_center/default.asp

Collapse -
W32/Stration Worm
by den65 / November 21, 2006 4:14 PM PST

Hi Marianna,

Many in Singapore received these malicious mails, I checked with Symantec & McAfee immediately after posting my query on CNET. Both said to ignore as it is a virus hoax. Thought you might want to know that my brother was tricked into opening the attachment and straightaway was infected with W32/Stration virus.

Collapse -
W32/Stration-G is a mass-mailing worm for the Windows platfo
by Marianna Schmudlach / November 22, 2006 12:58 AM PST
In reply to: W32/Stration Worm

Hi den65,

W32/Stration-G spreads my sending emails with itself as an attachment. Emails take the following form.

The subject line is chosen from the following:

hello
picture
Server Report
Status
test
Good Day
Error
Mail Delivery System
Mail Transaction Failed

The message text is chosen from the following:

Mail transaction failed. Partial message is available.

The message contains Unicode characters and has been sentas a binary attachment.

The message cannot be represented in 7-Bit ASCII encodingand has been sent as a binary attachment.

The worm is included as a file attachment with a filename of the following form. The attachment filename starts with one of the following:

body
data
doc
docs
document
file
message
readme
test
text

The filenames have a double file extension, with a large number of spaces between the two file extensions. For instance, a typical filename might be:

body.log .cmd

http://www.sophos.com/security/analyses/w32strationg.html

Is NO "virus hoax" at all !!

Collapse -
Acknowledgement
by den65 / November 23, 2006 11:17 PM PST

Hi again,

Thanx for the information.

Collapse -
(NT) You're Welcome :)
by Marianna Schmudlach / November 23, 2006 11:55 PM PST
In reply to: Acknowledgement
Collapse -
Your choice of Antivirus Software
by den65 / November 24, 2006 11:07 PM PST

Hello Marianna,

I've been using Norton AV '04(came pre-installed with my new PC). Since then, I've followed up with the 05 & 06 products. So far, had no problem or conflict using NAV and it's effective in my opinion. Anyway, my NAV '06 will be expiring in couple of months time and I'm considering changing to another brand. Which AV product do you use and which one would you recommend? Everyone has their own brand, so I figured I 'd consult an expert in computer security. Thanks.

Collapse -
Correct, everyone has its own brand.....
by Marianna Schmudlach / November 24, 2006 11:47 PM PST

I dumped Norton and McAfee years ago. Never had problems with the paid versions of AVG and Trend Micro.

Nod32 and Kaspersky should be very good, what I have heard.

Early reviews say the 2007 version of Norton AntiVirus is a big improvement in this area, but overall, reviews still say it can drag system performance.

At the end, it is up to you Happy

Collapse -
Norton '07 and Kaspersky
by den65 / November 25, 2006 12:41 AM PST

I heard too that NAV '07 has improved in that it's not so heavy on system resources. And I've been hearing a lot of mention of Kaspersky. Perhaps I'll try it out, but don't recall seeing it at the common retailers. Think I'll only find it at the big shops. Thanx for your reply.

Collapse -
Kaspersky.....
by Marianna Schmudlach / November 25, 2006 12:58 AM PST

Have a look at their webpage...

Antivirus Software: Free 30-Day Trials

It is always a good idea to try before you buy. You can download free trial software versions of our antivirus software solutions and decide which product fits your requirements. Our trial versions are valid for 30 days.

http://www.kaspersky.com/

Collapse -
Network worms
by NickD-B / November 26, 2006 10:06 PM PST

Hi Den65, good to read your mail. The responses to your request have helped me identify the two viruses mailed to me today. Like you, one was entitled 'Server Report'. The other is titled 'Good Day'. Fortunately I too am wary of of opening .exe extensions from unknown addresses. I'd just like to say thanks to you and the others who responded to your mail. Regards. Nick

Collapse -
Acknowledgement
by den65 / November 26, 2006 10:17 PM PST
In reply to: Network worms

Hi Nick,

You're welcome. When the issue is on security and dealing with the bad guys, I figured we should share and compare notes.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?