Virus Warning
Ozzy
31st January 2006, 12:16
Hi Folks,
I have just spent all morning cleaning a virus from my computer, and I consider myself a pretty IT literate user.
Some of you may be aware that 10 Yetis is doing a lot of PR work for me and these forums, so I was not in the slightest bit surprised to receive an email from what looked like a business publication (totalbusiness.com) asking me to approve "the attached article" for inclusion in their magazine. So I happily opened the attachment and nothing happened.
As it turns out it was a trojan that switched off my firewall, disabled my antivirus, and logged into a remote IRC server for ha<|<ors (hackers) to log into my PC and play silly buggers.
It's taken me all morning to clean my PC, and my antivirus (Symantec) didn't even detect the attachment as a virus.
So, if you receive any emails from a totalbusiness domain name do not open the attachment. The attached file is likely to be similar to "Photo&Article.zip".
More information is available at the following URL:
http://www.bitdefender.com/VIRUS-1000058-en--Backdoor.IRC.Snyd.A.html
crus
31st January 2006, 12:28
Sorry to hear that, Ozzy.
Also, a couple of MS advisories have passed my nose regarding this one; looks like they think it will be bigger than Blaster!
http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal@mm.html
D
coxadmin
31st January 2006, 12:35
Yesterday I had the same email purporting to be from the Guardian - it was sent to a personal email address, that has never been used for business purposes. What rang more alarm bells with me was that when I tried to open the file that had been unzipped and looked like an Adobe Reader file, it had a .exe file extension and Zone Alarm firewall asked for permission for something to access the internet, which I denied.
I was more fortunate than Ozzy, but be alert.
Ian J
31st January 2006, 12:52
I received the following email from j.andrews@totalbusiness.com on 5th December
Hello,
Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We've attached the photo with the article here.
Kind regards,
Jamie Andrews
Editor
www.TotalBusiness.com
**********************************************
The Professional Development Institute
**********************************************
I have never heard of the company nor was it one that I had written an article for but it looked genuine and it seemed to have come from the person allegedly sending it so I decided to open the file - which contained a virus. Luckily I keep my virus definitions up to date so Norton caught it straight away and deleted it.
Pebble Communications
31st January 2006, 12:59
I had this yesterday and today allegedly from Total Business Monthly. Amazing really as there is a whole fake website for it if you look at their link.
I was suspicious as I don't recall submitting anything to 'Total Business' and their email to me was addressed to Iona rather than Fiona. I did carefully peek without opening and inside the zip folder was an .exe file. That gave the game away as this is a clear indicator that this is going to do something! I had to check it out though as my business involves submitting to umpteen magazines...
Also just seen Working Lunch and they were warning about a virus that will affect any computer it is in, on this Friday, by deleting all Word, Excel and Acrobat files. So make sure your virus protection is up to date.
Fiona Bailey
www.pebblecommunications.co.uk
iKernal
31st January 2006, 13:02
It's a DDoS bot, it is used for distributed denial of service attacks, it cannot be detected due to them being packed.
Mac Yeti
31st January 2006, 16:58
It's a new W32/Breplibot variant being seeded in SMTP email.
There is detection for this out there, depends who scans your mail ;)
Here's more info of what to look out for...
-------------
Subject
Photo
Photo Approval Needed
Photo Approval Required
photo approval needed
approval deadline
Requesting Photo Approval
Campus Life Article
Campus Life
Photo Approval
Photo Approval Deadline
Photo and Article
Filename
Photo and Article.exe
Sender
j.andrews @tradersworld.com
jamie.andrews @tradersworld.com
Joseph.Hope @yale.edu
media @tradersworld.com
j.hope @yale.edu
info @yale.edu
jamie.andrews @totalbusiness.com
william.morrison @guardian.com
jamien @tradersworld.com
editor32 @totalbusiness.com
info @guardian.com
editor55 @tradersworld.com
media @totalbusiness.com
editor @guardian.com
jamiek @tradersworld.com
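Added example, not part of any post in this thread: a Python sketch of the check coxadmin and Pebble Communications describe doing by hand, listing a zip attachment's contents in memory (nothing is extracted or run) and flagging executable members, plus a match against the subject lines listed above. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: a short, non-exhaustive set of directly executable Windows extensions.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# Subject lines quoted in the thread, lower-cased for case-insensitive matching.
LURE_SUBJECTS = {
    "photo", "photo approval needed", "photo approval required",
    "approval deadline", "requesting photo approval", "campus life article",
    "campus life", "photo approval", "photo approval deadline", "photo and article",
}

def executable_members(data):
    """List executable file names inside zip bytes; nothing is extracted or run."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]

def triage(raw_message):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        findings.append(f"subject matches listed lure: {subject!r}")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXEC_EXTS):
            findings.append(f"attachment {name!r} is itself executable")
        for member in executable_members(data):
            findings.append(f"attachment {name!r} contains executable {member!r}")
    return findings

def build_sample(subject="Photo Approval Needed", member="Photo and Article.exe"):
    """Constructed test message: a zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Photo&Article.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns two findings, one for the subject and one for the executable inside the zip. The sender address is not checked because it is trivially forged, as the posts above show.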
KM-Tiger
31st January 2006, 21:51
.......... my antivirus (Symantec) didn't even detect the attachment as a virus.
It's perhaps worth noting that relying on only one AV program can never be 100% effective whatever the vendor or anyone else might claim. It's really going to be a matter of chance as to whether your AV vendor gets an update out before the virus strikes you.
You can greatly improve these odds by using more than one AV program. My networks at home and work are protected by three (Clamav, F-Prot, and AVG), and nothing has ever got through all 3, though 2 of them have on occasion been beaten.
This is hard to achieve with a standalone PC as most AV programs won't cooperate. But you can lessen your chances by using an ISP that provides email AV scanning at their level. Combined with your own AV you have then considerably lessened your chances of infection.