Latest Virus & Security Threats and Recommendations 

The site provides useful information on the latest virus-related and security threats discovered, and the recommended solutions.

Disclaimer:
CITS does not assume responsibility for any advice or information given and is therefore not responsible for any damage caused by software on this page. All opinions presented herein should be weighed against your own circumstances. It is up to you to determine if the advice is suitable for your own situation.

IT Security Recommendations

Microsoft Security Bulletin - Microsoft regularly announces vulnerabilities and patches for its software, components and services. Please refer to the Microsoft Security Bulletin site for the latest information.

 

Fraudulent email scams and phishing are social engineering techniques used to fool email users. The email pretends to be from a company or bank such as eBay, CITIBANK or OCBC and asks the victim to enter account details on a fake website, tricking the victim into thinking that they are logging in to the real website. Fraudsters steal identity and personal information to gain access to the victim's accounts or to commit crimes using the victim's persona.

What are the tell-tale signs and the tricks used in a scam?  What are the tips to protect oneself? Read more on an advisory to spot a scam from SINGCERT.

 

Software misconfiguration is one of the most common reasons for security breaches. You can use the MBSA to detect common configuration errors on Windows 2000, XP, Server 2003, VISTA or Server 2008, on either 32-bit or 64-bit machines, and to determine whether critical security updates are missing.

The tool verifies password strength and the host-based firewall on the Windows OS. Download the MBSA 2.1 tool to assess your 32-bit computer's security health if the following software is installed.

  • Microsoft Windows 2000, XP, 2003, VISTA & 2008
  • Microsoft Office XP, 2002, 2003 and 2007
  • Microsoft Exchange 2000, 2003 and 2007
  • Microsoft SQL Server 2000 SP4 & SQL Server 2005

For security assessment on a 64-bit machine, use the MBSA 2.1 [64bit] tool.

Read the detailed information on supported products and components, and the FAQ for information on its usage.

For the following legacy products, Microsoft has endorsed a vulnerability assessment tool from Shavlik. Download NetChksetup5.9.0.145.exe to assess vulnerabilities in the following installed software.

  • Microsoft ISA Server 2000, ISA Server 2004
  • Microsoft FrontPage Server Extensions 2000/2002
  • Microsoft Visual Studio .Net 2002/2003
  • Microsoft Office 2000
  • Microsoft Exchange 5.0 and 5.5
  • Microsoft SQL Server 7.0 and SQL Server 2000 with Service Pack 3a (SP3a)
  • Microsoft Content Management Server 2001 and Content Management Server 2002
  • Outlook 2003 with Business Contact Manager
  • SharePoint Team Services 2002 (STS)
  • Windows SharePoint Services (WSS)
   
 

Have you turned on the Windows Firewall or ICF that comes with Windows XP and Vista to protect against illegal intrusion from virus-infected computers or hackers? Read more for an understanding of the Windows host-based firewall and the need for anti-virus software and spyware protection.

   

No Anti-Virus software to identify, thwart and eliminate computer viruses, spyware and other malicious software on your Windows XP/Vista or Windows 7? Download the Microsoft Security Essentials Anti-Virus or AVG Anti-Virus to protect your system.

How do you recognize and avoid Spyware?  Read the security tips to remain vigilant.

   

Click the web-based Trend Micro online scan to verify that your system is free from viruses, worms, Trojans and spyware.

Alternatively, use the Microsoft Windows Live safety scanner to perform a security scan and an on-demand PC health check.

   

Microsoft Malicious Software Remover (version 3.0 covers all known variants as of 13th Oct 2009)
Suspect that your PC has been infected? This Microsoft tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. For Windows XP/Me users please disable your System Restore before use.

   
Alternatively, you may also download and run the McAfee Stinger to check your PC for viruses (version 10.0.1.624 covers all known variants as of 7th Aug 2009).

Subscribe Now: Get first-hand updates on Virus Alerts from CITS by e-mail. If you're running Windows OS, you may wish to sign up for the Microsoft Security Update newsletter as well.

 

Windows Security Updates 

 

Windows Security Update (12 Aug 2009) - Microsoft announced vulnerabilities in Remote Desktop Connection, Microsoft Office Web Components, WINS, Windows Media File Processing, Microsoft Active Template Library, Workstation service, Message Queuing, ASP.NET & Telnet service. The vulnerabilities allow remote code execution and denial of service on the computers. Refer to the Microsoft Security Web site for detailed information.

Windows Security Update (31 Mar 2009) - A security watchdog has issued a warning to take precautions against a fast-mutating malicious computer program that will strike on Wednesday 1st April 2009. The Conficker or Downadup worm infects Microsoft Windows systems from a thumb drive, a network share or via the network if a computer does not have the Microsoft MS08-067 patch installed. Read the details from Microsoft.

  • Blocks access to security sites such as Microsoft, Symantec, McAfee and F-Secure.
  • Disables services such as Microsoft Windows Update, Windows Defender and the Background Intelligent Transfer Service
  • Accounts may be locked out
  • May flood the network with connections
  • Access to security-related sites is blocked. The Windows Update service and Windows Defender are disabled.
  • Traffic on port 445 on non-Directory Service
  • No access to Admin Shares
  • Presence of unusual file permissions on the System32 folder or directory after executing Dir /ah at the command prompt.

Who is at risk?

  • Those who have not installed the latest security updates from Microsoft and have no antivirus software
  • If you have file-sharing turned on, the Conficker worm could allow remote code execution and take control of your computer for malicious purposes

    How to remove Conficker worm?

    Windows Security Update (16 June 2008) - Microsoft announced vulnerabilities in the Bluetooth stack, IE, DirectX, WINS, Active Directory, PGM and ActiveX kill bits that affect Windows 2K, XP, 2003, VISTA and 2008. The vulnerabilities allow remote code execution and denial of service on the computers. Refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (11 Mar 2008) - Microsoft released updates for vulnerabilities in Windows Office, Office Web component, Excel and Outlook that will allow remote code execution. Refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (14 Feb 2008) - Microsoft announced vulnerabilities whose exploitation could allow the propagation of an Internet worm without user action, or allow an attacker complete control of the affected system, for example to install programs, view, change or delete data, or create new accounts with full user rights. Read more.

    • Exploitation through vulnerabilities in the WebDAV Mini-Redirector, Object Linking and Embedding (OLE) Automation, Microsoft Word, Internet Explorer and Publisher file on a vulnerable Microsoft Office Publisher
    • Opening a specially crafted Microsoft Office file with a malformed object
    • Vulnerability on Active Directory and Application mode on Windows server and on Windows Transmission Control Protocol/Internet Protocol or TCP/IP on VISTA
    • Reported vulnerability with IIS 5.1-6.0 with ASP web pages on Windows XP and 2003

    Microsoft Works File Converter allows remote code execution on an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite.

    Windows Security Update (8 Jan 2008) - Vulnerabilities in Microsoft OS and the release of updates for:

    • Windows Transmission Control Protocol/Internet Protocol or TCP/IP which could allow remote code execution. An attacker could then install programs, view, change, or delete data or create new accounts with full user rights. 
    • Windows Local Security Authority Subsystem Service (LSASS). Similarly, the vulnerability could allow an attacker to run arbitrary code with elevated privileges, thus taking control of the affected system, for example to install programs, view, change or delete data, or create new accounts with full user rights.

    The above issues affect Windows XP, 2000, 2003 & VISTA. Refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (12 Dec 2007) - Microsoft released updates for vulnerabilities in Windows DirectX, DirectShow, Media Format Runtime & IE. In addition, vulnerabilities were identified in the Windows Operating System Server Message Block Version 2 (SMBv2), Windows Message Queuing Service, the Windows kernel and the MacroVision driver, affecting Windows XP, 2000, 2003 & VISTA. Refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (13 Nov 2007) - Vulnerabilities in Windows URI Handling could allow remote code execution on Windows XP & 2003 server. A spoofing vulnerability was also reported in Windows DNS server, affecting Windows 2000 & 2003. Please refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (16 Oct 2007) - Vulnerabilities in Microsoft Kodak Image Viewer, Outlook Express & Windows Mail, Internet Explorer, Microsoft Word, Remote Procedure Call (RPC), Windows SharePoint Services 3.0 and Office SharePoint Server 2007 on Windows XP, Windows 2000, Windows 2003 & VISTA. Please refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (6th Sep 2007) - Vulnerabilities reported for Microsoft Agent, Crystal Reports for Visual Studio, Windows Services for UNIX 3.0 & 3.5, Subsystem for UNIX-based Applications & MSN Messenger on Windows XP, Windows 2000, Windows 2003 & VISTA. Please refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (14 Aug 2007) - Vulnerabilities reported for Microsoft XML Core Services, OLE Automation, Microsoft Excel, Internet Explorer, GDI, Vector Markup Language, Windows Media Player, Windows Gadgets & Virtual PC and Server on Windows XP, Windows 2000, Windows 2003 & VISTA. Please refer to the Microsoft Security Web site for detailed information.

    Windows Security Update (11 July 2007) - Released security updates for Microsoft Excel, Windows Active Directory, .NET Framework, Office Publisher, IIS and Windows VISTA Firewall. Please refer to the Microsoft Security Web site for detailed information.
       
    Windows Security Update (7 June 2007) - Microsoft has released security updates for IE, Windows API, Outlook Express, Visio 2002 SP2/2003 SP2 and for Microsoft VISTA for the month of June 2007. Information about these updates and which software is affected is also available on the Microsoft.com Security Web site. 
       
    Windows Security Update (9 May 2007) - Microsoft has released several security updates that address newly discovered issues in Microsoft Office, Word, Excel, IE etc. in May 2007. Information about these updates and which software is affected is also available on the Microsoft.com Security Web site.
       
    Windows Security Update (11 Apr 2007) - Microsoft has released several security updates that address newly discovered issues in Microsoft Windows in April 2007. Information about these updates and which software is affected is also available on the Microsoft.com Security Web site.
       

    Windows Security Update (12 Feb 2007) - Microsoft has released several security updates that address newly discovered issues in Microsoft Windows in February 2007. Information about these updates and which software is affected is also available on the Microsoft.com Security Web site. 


     


    Virus Discovered on Campus and Removal Instructions

    Virus on Campus: Exploit-ANIfile.c (11th Apr 2007)

    Risk Rating: High

    Find out more from: McAfee or Trend

    Details and Impact

    1. This Trojan may arrive via an Internet browser as a specially crafted animated cursor (.ANI) file.

    2. It may also be downloaded via a specially crafted HTML email message.

    3. It takes advantage of a vulnerability in the way Windows handles animated cursor (.ANI) files.

    Removal Instructions

    1. Apply the patch to resolve the Windows MS07-017 vulnerability

    i. Windows XP with SP1 & SP2, click, or

    ii. Windows 2000 with SP4, click

    [Click for all other Windows vulnerability updates via IE]

    2. Click to update the Enterprise McAfee Vscan 8.0 signature, then detect and remove the Trojan.

     


    Virus on Campus: IRC-Mocbot!MS06-0402 (14th Aug 2006)

    Risk Rating: High

    Find out more from: McAfee or Trend

    Details and Impact

    1. The worm looks for systems that are not patched against the Windows MS06-040 vulnerability by port scanning TCP 139 (netbios) and 445 (microsoft-ds), thereby causing a Denial of Service attack.

    2. The network-aware worm opens an IRC back door on the compromised computer and drops a file wgareg.exe or wgavm.exe in the WINDOWS SYSTEM directory.

    3. It makes TCP 18067 connections to bbjj.househot.com or ypgw.wallloan.com

    Removal Instructions

    1. Apply the patch to resolve the Windows MS06-040 vulnerability

    i. Windows 2000 with SP4, click

    or

    ii. Windows XP with SP1 & SP2, click

    [Click for a complete vulnerability scan of the Windows OS]

    2. For detection of the worm, click to update the McAfee Vscan 8.0 signature.


    Virus on Campus: W32/Sober.p@MM (30th June 2006)

    Risk Rating: Medium

    Find out more from: McAfee or Trend

    Details and Impact

    1. This worm spreads by mass-mailing copies of itself using its own SMTP (Simple Mail Transfer Protocol) engine. It extracts addresses from local files and uses them for the "From:" field, thereby creating a spoofed email message.

    2. It uses social engineering techniques, posing as a message sent by the soccer organization FIFA and informing recipients that they have won tickets for the upcoming FIFA World Cup 2006 in Germany.

    Removal Instructions

    1. Use the latest AV signature file. Click to update McAfee Vscan 8.0 or higher

    OR

    2. Download the Symantec removal tool

     


    Virus on Campus: MS ASN1 Integer Overflow TCP (17th Mar 2006)

    Risk Rating: High

    Find out more from: McAfee or Norton

    Details and Impact

    A critical vulnerability in Microsoft's ASN.1 library allows an attacker to overwrite heap memory with data, thus allowing the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services.

    Removal Instructions

    Patch the computer with the MS04-007 Security Update to block access via the exploit or backdoor.

    MS04-007 WXP SP1

    Important: Windows XP users must install Service Pack 2 (SP2), which comes with a host-based firewall, plus reputable anti-virus software

    i. Click WXP SP2 to install Service Pack 2 and

    ii. Click updates for other newer patches.

     


    Virus on Campus: W32/MyWife.d@MM!M24 (3rd Feb 2006)

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    W32/MyWife.d@MM!M24 is a mass-mailing virus. It has the ability to spread through open network shares, attempts to lower security settings and disable security software, and overwrites files on the third of every month. It harvests addresses from local files and then uses the harvested addresses to send itself. This produces a message with a spoofed "From" address.

    Removal Instructions

    1. Use the latest AV signature file. Click to update McAfee Vscan 7.x or higher

    2. Download the Symantec removal tool.


    Virus on Campus: W32/Sober@MM!M681 (24th Nov 2005)

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    W32/Sober@MM!M681 is a mass-mailing threat that contains its own SMTP engine to construct outgoing messages. It harvests addresses from local files and then uses the harvested addresses to send itself. This produces a message with a spoofed From address. The attachment arrives in the form of a .zip file that contains an executable file. The sample mail:

    Dear Sir/Madam,

    we have logged your IP-address on more than 30 illegal Websites.

    Important: Please answer our questions!The list of questions are attached.

    Yours faithfully,

    Steven Allison

    *** Federal Bureau of Investigation -FBI-

    Removal Instructions

    1. Use the McAfee Virus definition 4635Dat and 4400Engine or higher for detection and removal. To update the virus signature/scan engine, select VirusScan7.x

    or

    2. Download a Stinger removal tool to a floppy disk and scan the infected system

    or

    3. Download the vulnerability assessment and removal tool

     


    Virus on Campus: W32/IRCBot.worm (17th Aug 2005)

    Risk Rating: High

    Find out more from: McAfee or Norton

    Details and Impact

    This Internet Relay Chat (IRC) bot worm causes continual reboots of an unpatched system with the MS05-039 vulnerability.

    It has the ability to spread via the network by exploiting systems which are not yet patched for the MS05-039 vulnerability. Once a system is infected, this worm is designed to contact a remote IRC server and wait for further instructions.

    Removal Instructions

    Disconnect your computer from the network

    1. Apply the vulnerability patch.
    2. Download a Stinger removal tool to a floppy disk and scan the infected system
    3. Once the worm has been removed, reboot and connect the computer to the local network
    4. Apply the MS05-039 patch. Select accordingly:

              i.  WinXP SP1 or SP2

              ii. Win 2000 SP4

              iii. Win 2003

    6. Update all OS vulnerabilities.

    7. Update McAfee Vscan 7.x or higher

    Important: For Windows XP/Me users, please disable your System Restore first before removing the infected files.

     


    Virus on Campus: W32/Netsky.ag@MM worm and its variant (15th Oct 2004)

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    - Mass-mailing worm

    - the From: address of messages is spoofed

    - contains its own SMTP engine to construct outgoing messages

    - harvests email addresses from the victim machine

    - Network and P2P propagation. The worm copies itself to local folders containing the string "share" or "sharing", network shares and P2P shared folders

    Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected, as the virus often forges the From address

    How do I know that I've been infected?
    When run, the worm displays a message box with the warning

    Removal Instructions

    1. Campus computers with McAfee Enterprise Vscan 7.x or higher, click to update the VirusScan7.x signature/engine to the latest.

    2. Disconnect the network point

    3. Scan the computer with the latest virus signature/scan engine update

    4. Reboot and reconnect the network

    For Windows XP users, please disable your System Restore first before removing the infected files

     


    Virus on Campus: W32/Bagle.az@mm worm and its variant (29th Sep 2004)

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    - Mass-mailing worm

    - the From: address of messages is spoofed

    - contains its own SMTP engine to construct outgoing messages

    - harvests email addresses from the victim machine

    - contains a remote access component. The infected computer will listen on the network via TCP port 81 and a random UDP port

    - copies itself to folders that have the phrase "shar" in the name (such as common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)

    Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected, as the virus often forges the From address.

    Removal Instructions

    McAfee Anti-virus software is capable of detecting and removing the virus with the latest update.

    1. Campus computers with McAfee Enterprise Vscan 7.x, click to update the VirusScan7.x signature/engine to the latest.

    or

    Download the McAfee Stinger

    2. Disconnect the network point

    3. Scan the computer with the latest virus signature/scan engine update

    or

    Use the McAfee Stinger to scan the computer.

    4. Reboot and reconnect the network

    For Windows XP users, please disable your System Restore first before removing the infected files
     


    Virus on Campus: W32/Mydoom.y@mm worm and its variant (20th Sep 2004)

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    - mass-mailing worm constructing messages using its own SMTP engine

    - harvests email addresses from the victim machine

    - spoofs the From: address

    - drops a downloader trojan and a keylogger trojan

    - downloads BackDoor-CEB.d over HTTP

    Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected, as the virus often forges the From address.

    Sample virus infected email:

    Dear user xxxx@ntu.edu.sg,

    We have found that your e-mail account was used to send a huge amount of spam messages during the recent week. Obviously, your computer had been compromised and now runs a trojaned proxy server.

    We recommend that you follow the instruction in the attached file in order to keep your computer safe.

    Virtually yours,

    ntu.edu.sg technical support team.

    Removal Instructions

    1. Disconnect the infected computer from the network.

    2. Scan the computer with McAfee Stinger

    3. Update your anti-virus signature/scan engine to the latest. Perform another scan on your computer with the updated signature.

    4. Reboot and reconnect the network

    For Windows XP users, please disable your System Restore first before removing the infected files


    Virus on Campus: Exploit-MS04-028 / Bloodhound.Exploit.13 (17 Sep 2004)

    Risk Rating: Critical according to Microsoft

    Find out more from: McAfee or Norton

    Note: Exploits on the OS or applications are potential backdoors used by hackers to gain illegal access to the system and to execute code planted in the system.

    Details and Impact

    Buffer Overrun in JPEG Processing (GDI+) could allow Remote Code Execution

    Examples of code execution:

    i. Spoofed & mass mailing

    ii. Denial of Service attack on a host, web sites or network due to the large number of packets it sends.

    iii. Keylogger to steal passwords

    iv. Port scanning on other hosts to propagate the infection

    Microsoft affected software:

    i. WinXP SP1 or earlier (WinXp2 is not affected)

    ii. Office 2002 & Office 2003

    iii. IE SP1. Click for System Requirement

    iv. Microsoft .Net Frameworkv1 SP1

    v. Microsoft .Net Frameworkv1

    Removal Instructions

    Patch the computer with the MS04-028 Security Update to block access via the exploit or backdoor.

    i. MS04-028 WXP SP1 & W2003

    ii. MS04-028 Office XP2 & Off XP3

    iii. MS04-028 IESP1

    iv. MS04-028 .Net Frameworkv1 SP1

    v. MS04-028 .Net Frameworkv1


    Virus on Campus: W32/Sdbot worm (24th Jul 2004)

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    Propagates via the network and spreads by exploiting the Microsoft OS vulnerabilities MS03-026, MS03-007 and MS04-011

    The worm scans random IP addresses and tries to connect to the "C$" and C shares. It uses the Administrator, Owner or Guest account to connect to the shares.

    Please ensure that all user accounts have strong passwords. Unused password such as "guest" must be removed.

    Remove all user-created network shares. Remove unused system shares such as c$, d$, ADMIN$, IPC$

    Removal Instructions

    1. Disconnect the infected computer from the network.

    2. Scan the computer with McAfee Stinger

    3. Patch the computer with the Security Update downloaded on a CD for XP or W2K

    i. MS03-026 WinXP & W2k

    ii. MS03-007 WinXP & W2k

    iii. MS04-011 WinXP & W2k

    4. Reboot and reconnect the computer to the network. Update the anti-virus signature/scan engine to the latest

    For Windows XP users, please disable your System Restore first before removing the infected files

     


    Virus on Campus: W32/Sasser worm (6th May 2004)

    Risk Rating: Critical

    Find out more from: McAfee or Norton

    Details and Impact

    Propagates via the network and spreads by exploiting a Microsoft OS vulnerability [MS04-011].

    It will cause an infected computer to shut down.

    The worm scans random IP addresses and listens on successive TCP ports starting at 1068. It also acts as an FTP server on TCP port 5554, and creates a remote shell on TCP port 9995 or 9996. It scans on the destination port TCP 445.

    Removal Instructions

    1. Disconnect the infected computer from the network.

    2. Scan the computer with McAfee Stinger

    3. Patch the computer with the Security Update downloaded on a CD for XP or W2K

    i. MS03-026 WinXP & W2k

    ii. MS03-007 WinXP & W2k

    iii. MS04-011 WinXP & W2k

    4. Reboot and reconnect the computer to the network. Update the anti-virus signature/scan engine to the latest

    For Windows XP users, please disable your System Restore first before removing the infected files


    Virus on Campus: W32/Sober.f@mm (5th Apr 2004)

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    This is a mass-mailing worm that spreads by stealing email addresses from infected computers and spoofing or forging the "From:" field.

    Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected, as the virus often forges the From address

    Removal Instructions

    Use the McAfee Virus definition 4347Dat files or higher for detection and removal. To update the virus signature/scan engine, select VirusScan 4.5.x or VirusScan7.x and click Open. Check Anti-Virus version

    or

    Download and run the McAfee Stinger to check or remove this virus from your PC

    or

    Download the Symantec removal tool. Important: For Windows XP/Me users, please disable your System Restore first before removing the infected files.
     


    Virus on Campus: W32/SQLSlammer.worm (12 Mar 2004)

    Risk Rating: Critical

    Find out more from: McAfee or Norton

    Details and Impact

    A worm that targets systems running Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000. The worm sends 376 bytes to UDP port 1434, which is the SQL Server Resolution Service port. The worm has the unintended payload of performing a Denial of Service attack due to the large number of packets it sends.

    Removal Instructions

    1. Download the vulnerability assessment and removal tool

    2. Once the virus is removed:

    a. if running SQL 2000, download this service pack to patch your PC (Microsoft)

    b. if running Microsoft Desktop Engine 2000, i.e. MSDE, download this service pack to patch your PC (Microsoft)
     


    Virus on Campus: W32/Netsky@mm

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    This is a mass-mailing worm that copies itself to folders named "share" or "sharing" on an infected system and opens a backdoor on TCP port 6789. It spreads by stealing email addresses and spoofing or forging the "From:" field. The worm tries to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses on the host computer. It also starts a DoS attack on a certain site.

    Upon infection, W32/Netskyk.e@MM will also spread via P2P programs like KaZaa, Bearshare and Limewire that use shared folder names containing the words "share" or "sharing"

    Removal Instructions

    Download and run the McAfee Stinger to check or remove this virus from your PC

    or

    Download the Symantec removal tool. For Windows XP/Me users, please disable your System Restore first before running this tool.


    Virus on Campus: W32.Beagle@mm

    Risk Rating: Medium

    Find out more from: McAfee or Norton

    Details and Impact

    This is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. The virus also attempts to spread across file-sharing networks, such as Kazaa and iMesh, by dropping itself into directories that contain "shar" in their names.

    The attachment to the spoofed email can be a password-protected zip file, with the password included in the message body

    Removal Instructions

    Download and run the McAfee Stinger to check or remove this virus from your PC

    or

    Download the Symantec removal tool. For Windows XP/Me users, please disable your System Restore first before running this tool.
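
The port indicators listed in the Sasser, Mocbot, Bagle.az, Netsky, Beagle and SQLSlammer entries above can be checked against connection records. The following Python triage is an added example, not part of the original page: it flags hosts that listen on or call the listed ports, and hosts that contact many distinct addresses on the scanned ports. The record format, the sample flows, the `scan_threshold` value and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# (protocol, port) -> (role of the suspect host, worm as named on this page).
#   "listener": the host accepting the connection is the suspect.
#   "caller":   the host opening the connection is the suspect.
# Legitimate software also uses some of these ports (TCP 81 in particular),
# so a match is a lead for the scan-and-patch steps, not proof of infection.
PORT_INDICATORS = {
    ("tcp", 5554): ("listener", "W32/Sasser FTP server"),
    ("tcp", 9995): ("listener", "W32/Sasser remote shell"),
    ("tcp", 9996): ("listener", "W32/Sasser remote shell"),
    ("tcp", 81): ("listener", "W32/Bagle.az remote access"),
    ("tcp", 6789): ("listener", "W32/Netsky backdoor"),
    ("tcp", 2745): ("listener", "W32.Beagle backdoor"),
    ("tcp", 18067): ("caller", "IRC-Mocbot IRC back door"),
}

# Ports the page says the worms probe or flood on other hosts.
SCAN_PORTS = {
    ("tcp", 139): "IRC-Mocbot",
    ("tcp", 445): "IRC-Mocbot or W32/Sasser",
    ("udp", 1434): "W32/SQLSlammer",
}

# Constructed sample records: "source destination protocol destination-port".
SAMPLE_FLOWS = [
    "10.0.0.21 192.0.2.1 tcp 445",
    "10.0.0.21 192.0.2.2 tcp 445",
    "10.0.0.21 192.0.2.3 tcp 445",
    "10.0.0.21 192.0.2.4 tcp 445",
    "10.0.0.21 192.0.2.5 tcp 445",
    "10.0.0.21 192.0.2.5 tcp 445",    # repeat: counted once
    "10.0.0.30 10.0.0.21 tcp 5554",
    "10.0.0.40 198.51.100.7 tcp 18067",
    "10.0.0.50 10.0.0.5 tcp 445",     # one file-server connection: normal
    "10.0.0.50 10.0.0.5 tcp 80",
    "malformed record",
]


def parse_flow(line):
    """Parse one record; return (src, dst, proto, port) or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    src, dst, proto, port = parts
    proto = proto.lower()
    if proto not in ("tcp", "udp") or not port.isdigit():
        return None
    if not 0 < int(port) < 65536:
        return None
    return src, dst, proto, int(port)


def triage(lines, scan_threshold=5):
    """Return {host: sorted findings} for hosts matching the page's indicators.

    scan_threshold is the number of distinct destinations on one scanned port
    that counts as scanning (an assumed value; tune it to the network).
    """
    findings = defaultdict(set)
    fanout = defaultdict(set)  # (src, proto, port) -> distinct destinations
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records instead of failing the run
        src, dst, proto, port = flow
        indicator = PORT_INDICATORS.get((proto, port))
        if indicator:
            role, worm = indicator
            suspect = dst if role == "listener" else src
            findings[suspect].add(f"{role} on {proto}/{port}: {worm}")
        if (proto, port) in SCAN_PORTS:
            fanout[(src, proto, port)].add(dst)
    for (src, proto, port), dsts in fanout.items():
        if len(dsts) >= scan_threshold:
            worm = SCAN_PORTS[(proto, port)]
            findings[src].add(
                f"scan of {len(dsts)} hosts on {proto}/{port}: {worm}")
    return {host: sorted(items) for host, items in findings.items()}


if __name__ == "__main__":
    for host, items in sorted(triage(SAMPLE_FLOWS).items()):
        for item in items:
            print(host, "-", item)
```

Hosts reported here are candidates for the disconnect, scan and patch steps given in the entries above.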

     


    Virus on Campus: Buffer Overrun In RPCSS Service for Windows XP, 2000, NT and 2003 (10 Sep 2003)

    Risk Rating: Critical

    Find out more from: Microsoft

    Details and Impact

    Microsoft has issued a warning of a new critical security hole called Buffer Overrun In RPCSS Service in its Windows operating system. This affects Windows XP, 2000, NT and 2003 machines and could allow an attacker to gain control over a computer, delete data and install unwanted programs - similar to the attacks by the W32.Blaster.Worm and W32.Nachi / Welchia worm

    Removal Instructions

    Please do a Windows Update to patch this vulnerability.

    Windows 95, 98 and ME are not affected by this vulnerability.
