here we go again! I'm sure my other anti-virus warnings will be pouring in !! they seem to come in wave's - and this has been one really big wave this past month!! cris ----- Original Message ----- From: Virus Alerts To: VIRUSALERTSCOM@xxxxxxxxxxxxxxxxxxxxxxxxx Sent: Monday, September 22, 2003 10:07 AM Subject: Virus Alerts [Panda Software reports the appearance of the new Op aserv.Y worm - 09/22/03] - Panda Software reports the appearance of the new Opaserv.Y worm - Virus Alerts, by Panda Software (http://www.pandasoftware.com) Madrid, September 22, 2003 - PandaLabs has detected the appearance of the new Y variant of the Opaserv worm. According to data gathered by Panda Software's international technical support services, this malicious code is already causing incidents. Opaserv.Y spreads directly through the Internet by looking for computers to infect. In order to do this, it checks if port 137 is open and unprotected. If it is, Opaserv.Y gets into the computer through port 139 and copies itself in the C:\Windows directory under the name Speedy.scr. At the same time, it generates several entries in the Windows Registry in order to ensure that it is run whenever the computer is started up. If the infected computer is connected to a network, Opaserv.Y will exploit the Windows vulnerability known as Share Level Password - based on an inconsistency in the protection of network shares in the operating systems Windows Me/98/95- in order to spread to the rest of the computers in the network. Up until now, PandaLabs has detected two versions of Opaserv.Y. The difference between the two is the compression utility they are packed with. Another characteristic of this malicious code is that if the user runs the file carrying the worm from an MS-DOS window, instead of displaying the following message: "This program requires MS Windows", one of the following three will be displayed: - Telefonica ganhe menos e faca mais!! - Queremos melhores servicos da SPEEDY - Melhorem o servico Speed seus FDPS!! Due to the incidents detected and to avoid falling victim to Opaserv.Y, Panda Software advises users to treat all e-mails received with caution and to update their antivirus solutions immediately. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Opaserv.Y. Those whose software is not configured to update automatically, should update their solutions from http://www.pandasoftware.com/. Users can also scan their computers using the free, online antivirus, Panda ActiveScan, which is available on the company's website at http://www.pandasoftware.com/. For more information about Opaserv.Y and other malicious code, visit Panda Software's Virus Encyclopedia at the following address: http://www.pandasoftware.com/virus_info/encyclopedia/. NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the "cut" and "paste" options to join the pieces of the URL. ------------------------------------------------------------ To unsubscribe from Virus Alerts: Send a message to the following address: virusalertscom-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk