Viruses and Trojans:
Sober.p (w32.sober.p@mm) is a reincarnation of its predecessor - the sober worm virus. Be suspicious of e-mail containing zip-type attachments for this one. Versions - old and new - of Bagle, beagle, NetSky, and MyDoom are still circulating simultaneously around the internet and wreaking havoc with site access and e-mail systems. Common indicators of these virus' activity may be seen as you receive "bounced" e-mail notifications from people you don't know, e-mails that arrive in Outlook with their attachments removed, and your anti-virus program alerting you frequently that a virus has been removed from an e-mail.
Phishing:
Received a warning or notification of a supposed security issue with your account at e-Bay, a credit card company, or Pay Pal? Or a notice appearing to be from Microsoft or a trusted software vendor about a critical update that you just must download now? These are generally attempts to get the receiver to download malicious software containing viruses, trojans, or spy ware or to get the receiver to reveal confidential account information to a thief - a term coined recently - phishing. Be very wary of all such uninvited solicitations. Read our article under "Security Alerts" on the left to access various articles on these and related issues.
Spoofing:
One trait common to these pests is that it creates an e-mail and "spoofs" the sender's address. For example, a friend with whom you correspond regularly via e-mail has your e-mail address in his/her address book. Then, that person opens a virus-carrying e-mail attachment and contracts the virus. The virus then gleans the e-mail address contained in that person's address book and begins to generate messages to those people while spoofing the sender's address to make it appear to come from someone else in the address book. Subsequently, you receive a bounce-back from XYZ Corporation saying you sent someone there an infected e-mail or you receive an administrator message that joe@xyz.com is not a valid e-mail address. Although you know nothing of XYZ or its people, the virus on your correspondent's PC has sent e-mail and has spoofed your address to it. Most of these viruses contain their own e-mail sending engine and replicate rapidly. A sudden flurry of bounced e-mails may be an indicator that someone with whom you correspond has an active virus.
What can you do about this spoofing operation? Not much except to notify your correspondent that he/she has an active virus on his/her PC.
Bottom line advice: KEEP YOUR ANTI-VIRUS SOFTWARE CURRENT AND ACTIVE. If you use a current version of Outlook, allow it to remove potentially dangerous attachments. Be vigilant and do not open items from strange-sounding senders. Delete suspicious e-mails without opening them. A good anti-spyware program is also highly recommended today. Microsoft has one in beta at the moment. It look good so far and is supposed to be released in final form after July 1. Sunbelt Software has a program called CounterSpy that is excellent (www.sunbeltsoftware.com).
More information may be found at:
http://www.networkassociates.com/us/security/resources/risk_assessment.htm
http://securityresponse.symantec.com
For technical info from Microsoft about the MyDoom virus, see:
http://www.winxpnews.com/rd/rd.cfm?id=040203SE-MyDoom_InfoSpecial thanks to WinXP News ( www.winxpnews.com ) for much of this information. This is a super e-zine with lots of tips, helps, and industry news. Visit their site for a trial subscription.