yup after months of not seeing one, Norton caught the bugbear coming through again ----- Original Message ----- From: "cris" <cris@xxxxxxxxxxxxxxxx> To: "PCTechTalk" <PCTechTalk@xxxxxxxxxxxxx> Sent: Monday, September 22, 2003 12:24 PM Subject: -=PCTechTalk=- Fw: Virus Alerts [Panda Software reports the appearance of the new Op aserv.Y worm - 09/22/03] > here we go again! > I'm sure my other anti-virus warnings will be pouring in !! > they seem to come in wave's - and this has been one really big wave this past month!! > cris > ----- Original Message ----- > From: Virus Alerts > To: VIRUSALERTSCOM@xxxxxxxxxxxxxxxxxxxxxxxxx > Sent: Monday, September 22, 2003 10:07 AM > Subject: Virus Alerts [Panda Software reports the appearance of the new Op aserv.Y worm - 09/22/03] > > - Panda Software reports the appearance > of the new Opaserv.Y worm - > Virus Alerts, by Panda Software (http://www.pandasoftware.com) > > Madrid, September 22, 2003 - PandaLabs has detected the appearance of the > new Y variant of the Opaserv worm. According to data gathered by Panda > Software's international technical support services, this malicious code is > already causing incidents. > > Opaserv.Y spreads directly through the Internet by looking for computers to > infect. In order to do this, it checks if port 137 is open and unprotected. > If it is, Opaserv.Y gets into the computer through port 139 and copies > itself in the C:\Windows directory under the name Speedy.scr. > > At the same time, it generates several entries in the Windows Registry in > order to ensure that it is run whenever the computer is started up. If the > infected computer is connected to a network, Opaserv.Y will exploit the > Windows vulnerability known as Share Level Password - based on an > inconsistency in the protection of network shares in the operating systems > Windows Me/98/95- in order to spread to the rest of the computers in the > network. > > Up until now, PandaLabs has detected two versions of Opaserv.Y. The > difference between the two is the compression utility they are packed with. > Another characteristic of this malicious code is that if the user runs the > file carrying the worm from an MS-DOS window, instead of displaying the > following message: "This program requires MS Windows", one of the following > three will be displayed: > > - Telefonica ganhe menos e faca mais!! > - Queremos melhores servicos da SPEEDY > - Melhorem o servico Speed seus FDPS!! > > Due to the incidents detected and to avoid falling victim to Opaserv.Y, > Panda Software advises users to treat all e-mails received with caution and > to update their antivirus solutions immediately. The company has already > made the updates to its products available to users to ensure their > solutions can detect and eliminate Opaserv.Y. Those whose software is not > configured to update automatically, should update their solutions from > http://www.pandasoftware.com/. > > Users can also scan their computers using the free, online antivirus, Panda > ActiveScan, which is available on the company's website at > http://www.pandasoftware.com/. > > For more information about Opaserv.Y and other malicious code, visit Panda > Software's Virus Encyclopedia at the following address: > http://www.pandasoftware.com/virus_info/encyclopedia/. > > NOTE: The addresses above may not show up on your screen as single lines. > This would prevent you from using the links to access the web pages. If this > happens, just use the "cut" and "paste" options to join the pieces of the > URL. > > ------------------------------------------------------------ > To unsubscribe from Virus Alerts: > > Send a message to the following address: virusalertscom-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > To contact with Panda Software, please visit: > http://www.pandasoftware.com/about/contact/ > ------------------------------------------------------------ > > To unsub or change your email settings: > //www.freelists.org/webpage/pctechtalk > > To access our Archives: > http://groups.yahoo.com/group/PCTechTalk/messages/ > //www.freelists.org/archives/pctechtalk/ > > For more info: > //www.freelists.org/cgi-bin/list?list_id=pctechtalk > > To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk