From: Panda Oxygen3

"Perfection of means and confusion of goals seem -in my opinion- to characterize our age." Albert Einstein (1879-1955); German-Swiss-U.S. scientist.

- Weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 20, 2005 - In this week's report on viruses and intruders we will be looking at three worms: Tobecho.A, Mytob.E and Elitper.D.

Tobecho.A is a worm with some backdoor Trojan characteristics, as it listens for remote instructions through a TCP/IP port. These can be instructions to restart the system, download files, steal information from the compromised computer, etc. When it runs, it displays a false run-time error message.

Tobecho.A spreads via email, in a message that simulates a mail delivery error message, and through the MSN Messenger program. This worm also prevents users and the applications running on the computer from accessing the websites of certain antivirus and security companies. It also terminates certain processes, including those belonging to variants of Netsky, Bagle and Blaster. Finally, Tobecho.A alters the settings of the affected computer and prevents users from accessing the Windows Registry Editor, as well as disabling remote administration of the computer's passwords.

The second worm in this report is Mytob.E, which spreads via email. The messages received by users try to trick them into thinking that they contain an interesting application (images, etc.). When users run the attachment, the computer will be infected. To send itself to other users, Mytob.E looks for email addresses in files with extensions like HTM, HTML, TXT, etc.

The last interesting malicious code in this report is Elitper.D. It uses P2P file sharing programs, getting users to voluntarily download one of the files created by Elitper.D, thinking that it is some kind of interesting file (films, images, etc.), when really they are downloading a copy of the worm onto their computer.

For further information about these and other computer threats, visit Panda Software's Encyclopedia: http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

------------------------------------------------------------
To contact Panda Software, please visit: http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR ***********

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews, see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages
http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member