February 2006
Issue: Worm/Malware alias, BlackWorm, Win32/Mywife@E.mm,
Blackmal, Nyxem, MyWife, Tearec among other names.
If your computer is infected, the worm will carry out its duties on the 3rd day of every
month. The first activation date is set for February 3rd 2006.
Notice: For
our customers using Security Guard, this worm was added to the current virus
definitions on January 20, 2006. Most customers should be protected, unless
they were infected before that date. Running a scan of Security Guard should
catch this worm. Security Guard will detect it as Nyxem.E.
This is what it will do:
- This malware modifies or deletes files and registry keys associated with
certain computer security-related applications. This prevents these applications
from running when Windows starts.
- The malware is intended to permanently corrupt a number of common document
format files on the third day of every month.
- These file types will be overwritten by the virus: DOC, XLS, MDE, MDB,
PPT, PPS, RAR, PDF, PSD, DMP, ZIP, and rendered useless for good.
- The malware attempts to disable/remove any anti-virus software on the system
and does this every hour while the system is up.
BlackWorm uses the same tricks to install itself as other viruses/worms. It
may not be the only one on your system. Antivirus will not detect all viruses,
and the removal tool will only remove this specific worm.
- BlackWorm will allow remote access to your system, and additional malware
may have been installed via this backdoor.
If you are infected, here is a free removal tool. http://www.f-secure.com/v-descs/nyxem_e.shtml.
Please be sure to read and follow the instructions. If you are a Security
Guard customer, and you run this tool, you do not need to download the F-Secure
Anti-Virus software.
Here are 2 links to provide you with more information.
http://isc.sans.org/diary.php?storyid=1067
http://www.microsoft.com/technet/security/advisory/904420.mspx
Billing Scam
If you receive an email similar
to the one below, it is a SCAM. GCI does not do business in this
fashion. We may turn off your services if you are over 60 days past
due on payment. You will see notices on your monthly bill, and you
may be contacted by GCI collections services to discuss your current
billing situation. We do not send out an email like the one below.
Do
not open the attachment!
From: Paulene [mailto:Yingaajkoryvathk@absolute-wellness.net]
Sent: Sunday, January 25, 2004 7:39 AM
To: mcallister@gci.net
Cc: mccall@gci.net; mccarron@gci.net; mccormixx@gci.net;
mcctogglo@gci.net; mcdaid@gci.net; mcgraws@gci.net; mchrisman@gci.net;
mcjimy@gci.net;
mckajdej@gci.net; mckenzie1@gci.net; mckinney@gci.net; mclynch@gci.net;mcole@gci.net;
mcr@gci.net
Subject: Billing Notice From gci.net 's Accounting Dpt
*** gci.net 's accounting dpt notice ***
Internet Billing Notice
Please press "open" and read the attached Billing Notice.
Note if you do not read this withing 24 hours we at gci.net regret
we will have to terminate internet service.
Security Scam
If you receive an email
similar to the one below, it is a scam. Do not click on the link; it
may cause you to receive a virus!
As a general rule, GCI does not
send out email warnings on virus information. We rely on you, our
customer, to review our home page for information updates. However,
on occasion, when we see many of our customers receiving an infection,
we have sent out a general warning. These warnings will refer
you to GCI.net support site articles or to McAfee's or Symantec's
home page for more information. These emails will come from our
support section. We do not have an Internet Virus Department.
Virus Alert
To:dhg
From: gci.net's Internet Virus Department
We have detected a possible computer virus on your
computer, You must open the details of the report within 24 hours
our we will
be forced to shut down your internet service.
Please Click Below Then Press "open" To View The Report
If you do not open this report in 24 hours we will suspend your
internet
service If nothing apears on your virus report please dis-regard
this message
Click Here Now
http://gci.net%01@8rtzbtj4zafzi1.evansji.com/special2/
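The link in the message above shows gci.net first, but everything before the "@" in a URL is the userinfo field; the connection goes to the host after it, 8rtzbtj4zafzi1.evansji.com. The Python check below is an added example, not part of GCI's notice; the function name inspect_link and the "looks like a hostname" rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption for this example: a userinfo field shaped like a DNS name
# (e.g. "gci.net") is treated as a decoy rather than a real login name.
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def _is_ctrl(ch):
    """True for ASCII control characters, which never belong in a URL."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def inspect_link(url):
    """Report the host a link really connects to and why it looks deceptive."""
    parts = urlsplit(url)
    # urlsplit leaves percent-escapes in place, so decode the userinfo first.
    userinfo = unquote(parts.username or "")
    visible = "".join(ch for ch in userinfo if not _is_ctrl(ch))
    reasons = []
    if visible and HOSTLIKE.match(visible):
        reasons.append("userinfo looks like a hostname")
    if any(_is_ctrl(ch) for ch in userinfo):
        reasons.append("control character in userinfo")
    return {
        "real_host": parts.hostname,   # where the browser actually connects
        "decoy": visible or None,      # what the reader is meant to see
        "reasons": reasons,
    }


if __name__ == "__main__":
    # First URL is the one quoted in the scam message; second is a normal link.
    for link in (
        "http://gci.net%01@8rtzbtj4zafzi1.evansji.com/special2/",
        "http://support.gci.net/kb/kb114",
    ):
        print(link, "->", inspect_link(link))
```

A mail filter or help-desk script can run this over every link in a reported message and flag any result whose reasons list is not empty.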
March 8, 2005
MSN Messenger can allow your computer to be infected.
A current threat is the W32.Kelvir.A, which is a worm that spreads through
Windows and MSN Messenger. The worm attempts to download and execute a variant
of W32.Spybot.Worm.
The worm arrives in a Windows Messenger window with a link to the cute.pif
file. DO NOT click on the link. If you click on the link it
will infect your system and send the worm to individuals in your contacts list.
Cute.pif is the file name to date; the name could change with future variations
of this worm.
Treat this pif file like any file you did not specifically request: delete it and
do not open it, even if you know the sender. Check with the sender to see if they
intentionally sent you a link; if they did not, they may be infected.
For more information on this threat,
please visit this link.
There are many known viruses and worms that could infect your computer system.
Please keep your anti-virus software up-to-date, and ensure your computer has
the current Microsoft Operating System Updates.
For additional information on worms or viruses, please
visit McAfee's Web Site or
Symantec / Norton's Web Site.
November 4, 2004
There are many known viruses and worms that
could infect your computer system. Current medium threat viruses / worms are Backdoor.Alnica,
W32.Josam.Worm, W32/Bagle.bb@mm. Please keep your anti-virus software up-to-date,
and ensure your computer has the current Microsoft Operating System Updates.
For additional information on these worms or viruses, please visit McAfee's
Web Site or Symantec / Norton's
Web Site.
September 20, 2004
There are still a lot of known viruses and
worms that could infect your computer system. Please keep your anti-virus software
up-to-date, and ensure your computer has the current Microsoft Operating System
Updates.
June 11, 2004
We are still seeing a number of individuals
being infected with the viruses reported below from May 7, 2004. Please review
the information from May 7th, and ensure your computer has the current Microsoft
Operating System Updates.
May 7, 2004
There are two viruses: Sasser
Worm and Misodene@mm
Sasser Worm
This virus is causing serious problems
on the Internet. It is a self-propagating worm that is not email related; a computer
can be infected simply by being on the Internet. This virus affects all Windows operating
systems. Depending on the variant, it may be harmful to your computer. For more
detailed information on the worm click
here.
Symptoms indicating your computer
is infected:
How to check for and clean the infection:
-
-
- The steps above are from Microsoft.com. GCI is providing them as a convenience.
Warning: Manually updating your registry improperly can cause your system
to stop functioning. GCI will not be responsible for your system if you follow
these steps and experience problems. If you have any concerns, GCI
recommends you take your computer to a competent repair technician.
Prevention:
For Windows XP and Windows XP
users with Service Pack 1 installed: Click
here and follow the instructions from Microsoft.
Windows 2003 Server, 2000,
and NT users: please go to this link: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
W32.Misodene@mm
This virus is transferred through email. It sends
a mass email to all email addresses found in an infected system. This virus
affects all Windows operating systems and is relatively harmless. When it
is first run, it displays a message box titled "Virus Liberdad".
For More Information, Click
here or go to this site: http://securityresponse.symantec.com/avcenter/venc/data/w32.misodene@mm.html
April 7, 2004
New Virus is being reported: JS_DEBESKI.A
This is a malicious JavaScript that is
embedded in a web page. When a user visits the Web page, this Trojan connects
to a certain site and logs on using a particular user name and password. It
then attempts to download certain files from this site via HTTP:
It runs on Windows XP, 2000, ME, 98, 95,
and NT.
Please
visit this page for more information and removal steps:
Various forms of virus continue to move
around the Internet. GCI recommends you ensure your virus software files are
up to date.
Note: This trojan is not sent via email,
and eMail Guard will not catch this virus. This is a reason that GCI recommends
you also install and maintain a virus software program on your computer.
March 2, 2004
We have received a warning on a new virus, rated as category
4 danger (on a scale from 1 to 5, with 5 being the worst). The virus is called
W32.Netsky.D@mm.
The subject name and attachment name are random but the attachment
will have a .pif extension. Please do not open any attachment with these names.
More information on this virus can be found at: http://www.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html
GCI customers with Email Guard should be protected on their
GCI email. However remember that eMail Guard does not check accounts like
Hotmail or Yahoo mail. If you have a virus software program on your computer,
which GCI recommends, now is a good time to update the program.
A past threat to Internet users is the "Mydoom",
"Novarg", or WORM-MIMAIL.R e-mail worm. This worm and variants of the
worm continue to be a threat. Please make sure you keep your virus software
up-to-date.
It runs on Microsoft Windows Operating Systems:
| Windows XP | Windows ME |
| Windows 95 | Windows 98 |
| Windows NT / 2000 | Windows Server 2003 |
It has a message that reads "The message contains Unicode
characters and has been sent as a binary attachment". "Because that
sounds like a technical thing, people may be more apt to think it's legitimate
and click on it," said Steve Trilling, senior director of research at the
computer security company Symantec.
If you receive this e-mail, delete it. If you believe you are
or may be infected, Symantec does have a removal tool for this worm. For detailed
steps on how to use the removal tool, go to GCI's article specifically addressing
the worm (http://support.gci.net/kb/kb114).
January 18, 2004
Bagle or Beagle:
A new Internet worm is spreading around the Internet.
The "Bagle" or "Beagle" worm arrives as an attachment
to an e-mail with the subject line "Hi" and "test
: )" in the body text. The worm is activated when a user clicks
on the attached file. Do not open the attachment, just delete the
email.
Past Threats
Click here
for Welchia Worm information, referenced by GCI.
Or, visit GCI.net's technical support pages at http://support.gci.net
FxMimail.exe
A new virus has been reported. For steps to remove this virus, or
to determine if your system caught it, click
here.