|
Poslao: 05 Maj 2005 10:52
|
offline
- Ceva
- Super građanin
- Pridružio: 10 Mar 2005
- Poruke: 1313
|
Posljednja inačica crva Sober, Sober.O, naizgled je samo još jedna u nizu virusnih gnjavaža s kojima se svakodnevno susrećemo, no ova je verzija posebna po svom izuzetno brzom širenju. Naime, u posljednjih 24 sata Sober.O je dogurao do brojke od čak 77 posto virusnog prometa na internetu
Crv Sober je prisutan na internetu još od 2003. godine, a antivirusnim kompanijama pomalo ponestaje slova abecede za imenovanje novih verzija; posljednja u nizu je, prema Symantecu, Sober.O, dok su ga druge antivirusne kompanije nazvale Sober.N, Sober.P Sober.S.
Sober.O širi se putem e-pošte, šaljući poruke na engleskom i njemačkom jeziku, najčešće obavještavajući korisnika o tobožnjoj nagradnoj igri u kojoj je isti osvojio besplatnu ulaznicu za Svjetsko nogometno prvenstvo. Iako u osnovi ne donosi ništa novo, ovakav sadržaj poruke bi mogao biti razlog zašto se crv tako snažno proširio u Europi koja, kako znamo, vrvi fanatičnim obožavateljima nogometa.
Informacije o tome kako prepoznati i kako se riješiti ove prijetnje možete pronaći ovdje.
preuzeto sa: http://www.tportal.hr/tehnologija/internet/fset.html
|
|
|
|
|
Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
|
|
|
Poslao: 06 Maj 2005 19:28
|
offline
- Pridružio: 14 Mar 2004
- Poruke: 997
- Gde živiš: Batina, Baranja, Hrvatska, Evropa, Planeta zemlja
|
@ KAV Distributer
a link na removal tool za Sober.p ?
mod: edit by m4rk0: uklonjen nepotreban quote
|
|
|
|
|
|
|
|
|
Poslao: 18 Jul 2005 12:24
|
offline
- nulti.korisnik
- Legendarni građanin
- Pridružio: 20 Feb 2005
- Poruke: 4505
- Gde živiš: planeta Zemlja
|
Status : informational
Kaspersky Lab has detected several infections caused by new modifications of Virus.Win32.GPCode. So far, information has only been received from Russian users. Four new modifications have been added to Kaspersky Anti-Virus databases.
This program can encrypt data files with extensions such as .txt, xls, rar, doc, html, pdf etc). Encrypted files contain the words 'PGPCoder' at the beginning of the file. Folders which contain encrypted files will also contain a file named readme.txt. The contents of readme.txt are given below, although the email address may differ:
Some files are coded.
To buy decoder mail: md731@yandex.ru
with subject: PGPcoder md73
If the user sends a message to the address contained in the text file, they will receive an answer saying that files can be decrypted for payment, and a sum will be named.
Kaspersky Lab strongly recommends that users should not attempt to make contact or pay any money for the 'decoder', as this is effectively blackmail. All the newest modifications of Virus.Win32.GPCode are detected by the latest Kaspersky Anti-Virus databases. Users simply need to update antivirus databases and run a full scan of the computer's hard disk in order to decrypt encrypted files.
IZVOR
|
|
|
|
|
|
|
|
|
Poslao: 25 Jul 2005 19:46
|
offline
- nulti.korisnik
- Legendarni građanin
- Pridružio: 20 Feb 2005
- Poruke: 4505
- Gde živiš: planeta Zemlja
|
A new worm, WORM_OPANKI.Y, is circulating online. It poses as an iTunes file and is spreading using AOL Instant Messenger. While it does not affect Mac users, it does affect most breeds of the Windows OS.
The worm poses as a file named "iTunes.exe" in an attempt to trick users, "into thinking that this worm is associated with a legitimate product," Trend Micro warns.
However, when activated the worm actually sends a message to all online contacts of an affected user, which reads, "this picture never gets old". Each message has a link to a URL where users download a file that appears to be a JPEG.
Also when activated, the software will begin to download spyware and pop-ups. It also tracks Internet sites infected users visit.
Trend Micro also warns: "This worm has backdoor capabilities. It opens a random TCP port and connects to the Internet Relay Chat (IRC) server xyz.legi0n.net. Once connected, it joins the IRC channel fate, where it listens for commands from a remote malicious user. It then executes these commands locally on affected machines."
It's not a major threat, according to the security firm, and has not spread widely.
IZVOR
|
|
|
|
|
|
|
Poslao: 25 Jul 2005 21:10
|
offline
- Svemirko
- Legendarni građanin
- Pridružio: 24 Mar 2004
- Poruke: 3962
- Gde živiš: Zemun
|
A kako da znam koji je novi virus, a koji je stari ?!
|
|
|
|
|
|
|
Poslao: 25 Jul 2005 22:15
|
offline
- kUdtiHaEX
- Novi MyCity građanin
- Pridružio: 31 Jul 2004
- Poruke: 29
|
Imam strasno pametnog bota na IRC serveru, inace nalazi se tamo gde i kanal ovog sajta i on svakih pola sata updateuje listu aktivnih virusa, pa sada kaze ovo:
-g8keeper- +-- (Symantec): Latest Virus Threats
-g8keeper- [1]: W32.Mytob.IH@mm (July 25, 2005) - Risk Level: 2 [Low]
-g8keeper- Info: symantec.com/avcenter/venc/data/w32.mytob.ih@mm.html
-g8keeper- [2]: W32.Mytob.IG@mm (July 25, 2005) - Risk Level: 2 [Low]
-g8keeper- Info: symantec.com/avcenter/venc/data/w32.mytob.ig@mm.html
-g8keeper- [3]: Trojan.Desktophijack.C (July 24, 2005) - Risk Level: 1 [Very Low]
-g8keeper- Info: symantec.com/avcenter/venc/data/trojan.desktophijack.c.html
-g8keeper- [4]: Trojan.Helemoo (July 23, 2005) - Risk Level: 1 [Very Low]
-g8keeper- Info: symantec.com/avcenter/venc/data/trojan.helemoo.html
-g8keeper- [5]: Trojan.Abwiz.C (July 22, 2005) - Risk Level: 1 [Very Low]
-g8keeper- Info: symantec.com/avcenter/venc/data/trojan.abwiz.c.html
-g8keeper- +-- (Symantec): End of Virus Threat List
|
|
|
|
|
|
