Christmas Virus TIPs
This holiday season may bring an undesired "gift" in your email.
These new virii (plural of virus)
use "Christmas" to lure you
into accepting them, plus another one that Disney never intended.
I've collected some information to help you avoid these unpleasant (and
unwanted) gifts.
(Christmas Music) (Snowwhite-Dwarfs)
(NAVIDAD)
Christmas
Music
A.K.A. (W32.Music)
|
How it Arrives |
EMAIL received which looks like...
To: To all my friends
From: Test Mail
Subject: Testing to send file
Body: Hi, just testing email using Merry Christmas music file, not
bad music.
Attachment: Music.com., Music.zip, or Music.exe
|
|
How it Infects |
If you click on the attached file ...
A window that reads "Merry Christmas" will display and start
playing a midi file rendition of "We Wish You A Merry
Christmas." The virus will change your browser's home page, attempt
to download a new version of itself from the internet, and then send
itself to all email addresses in your Windows Address Book (WAB). You
might catch your "traffic" icon blinking while your
sitting idle, neither loading a new web page nor sending email.
 |
|
How to Avoid
|
Delete the email, DO NOT click on the
attachment
|
|
How to Recover |
Update your Virus Protection Software with the newest "Virus
Signature" files.
Most of the current Software products have a menu item which will
connect you to their Web Site download center and provide instructions
for updating.
Launch your Virus Protection software, Scan all
drives, and "clean" any infected files.
|
|
How Destructive? |
Initial reports indicate that it does not cause any damage.
However, since it can download updates to itself...the next update might
cause damage.
|
Snowwhite and the seven Dwarfs
A.K.A. (W32.Hybris)
|
How it Arrives |
EMAIL received which looks like...
To: "One your email recipients"
From: Hahaha
Subject: Snowhite and the seven Dwarfs - The REAL Story!
Body text: "Today, Snowhite was turning 18. The 7 Dwarfs
always where very educated and polite with Snowhite. When they go out
work at mornign (sic), they promissed (sic) a *huge*
surprise. Snowhite was anxious. Suddlently (sic), the door open,
and the Seven Dwarfs enter..."
Attachment: a variable file name ending with .exe or .scr,
most commonly dwarf4you.exe
|
|
How it Infects |
If you click on the attached file ...
Nothing happens...that you can see, that is. The virus installs itself
on your PC and downloads an update to itself from the internet. It will
then send copies of itself (same email as above) to recipients on your
outgoing email. It will continue to download additional updates while
you are connected to the internet. You might catch your
"traffic" icon blinking while your sitting idle, neither
loading a new web page nor sending email.
|
|
How to Avoid
|
Delete the email, DO NOT click on the
attachment
|
|
How to Recover |
Update your Virus Protection Software with the newest "Virus
Signature" files.
Most of the current Software products have a menu item which will
connect you to their Web Site download center and provide instructions
for updating.
Launch your Virus Protection software, Scan all
drives, and "clean" any infected files.
Click
here for Removal Instructions from McAafee
|
|
How Destructive? |
One (1) Windows file will need to be restored, but in general,
initial reports indicate that it does not cause any damage.
However, since it can download updates to itself...the next update might
cause damage.
|
NAVIDAD
A.K.A. (W32.Watchit)
|
How it Arrives |
EMAIL received which looks like...
To: "your own email"
From: "Someone you've emailed in the past"
Subject: RE: "the subject of a previous email"
Body text: "May be the content of the previous message or
an invitation to click on the attached file"
Attachment: NAVIDAD.EXE |
|
How it Infects |
If you click on the attached file ...
An eyeball icon is installed in the lower
right hand corner of the Windows desktop and while loading, an error
dialog box will appear on the screen displaying the letters
"UI".
copying and sending itself out via e-mail as replies. Once it has
successfully installed itself, it will begin sending copies of itself
out as replies to emails in your address book.
|
|
How to Avoid
|
Delete the email, DO NOT click on the
attachment
|
|
How to Recover |
Update your Virus Protection Software with the newest "Virus
Signature" files.
Most of the current Software products have a menu
item which will connect you to their Web Site download center and
provide instructions for updating.
Launch your Virus Protection software, scan all
drives, and "clean" any infected files.
Please take extra care when removing this virus. The change made to the
Windows registry file make it a sensitive operation. Follow the virus
protection software instructions... for Mcaffee Virus shield
instructions ... click
here
|
|
How Destructive? |
Initial reports indicate that it does not cause any damage, however it
does make several changes to the Windows Registry file.
|
Your email friends
may have
a virus in their Inbox right now
. . .
Play it safe. Pass this information on to them.
Let's help everyone avoid these unpleasant
gifts!
As always,
we welcome your suggestions for future TIPs
and GUIDEs.
Your ideas are always the best :-)
send email to
mark@eakles.com
and more TIPs,
GUIDEs, INFO
& FUN...
[an error occurred while processing this directive]
