Domain: antivirus.com
Stories and comments across the archive that link to antivirus.com.
Comments · 48
-
Re:Same as before.
The proxy setting will show up - and can be removed with 2 clicks - in a HijackThis report. While Trend Micro bought it and supposedly has changed something (not sure what...) HJT remains a useful tool for anyone combating malware and ransomware.
The Firefox extension AC replied about will show up in a log from ComboFix though CFX won't remove the proxy by itself at this point -- perusing a ComboFix log features loads of information about a system and its infections.
-
Trend online scanner nothing on computer
Used it for years. God help me if they ditch the old URL I'll have to start googling it.
-
Re:Clever but...
Can you at least send them to http://housecall.antivirus.com/ ? It may find it and clean it. If they can't reach there, they could be infected, old time tricks like using hex url etc. may help.
Now what we need is, ActiveX like installing antivirus (not joking) which will install with minimum user interaction. Housecall from Trend is a great favour to newbie users, especially after they got rid of "pay us to clean it" scheme but... It is still not a real antivirus to watch the system. It seems Kaspersky guys have a plan (Kaspersky Online Scanner Pro) but it may get pricey. I remember McAfee having kind of "antivirus subscription" back in the day, did they give up or things became too advanced to watch with an ActiveX installed program? Not sure.
BTW, no newbie around me got infected with Conficker because I actually forced them to install windows updates. My excuse was simple... "It is 2 AM at Redmond Washington and MS releases a security update, this can't be good". Thankfully they listened to the "2 AM" part and took it serious enough to run windows update. I made up the "2 AM" thing but it was really awkward time they released it and their number 1 media puppet made it news in a very off topic way. I knew something was going on. That update was the one closing the conficker hole. MS really knew that security issue will lead to very bad places.
-
Re:Something similar from Microsoft
They forgot about ActiveX too? :)
Also speaking of "native", signed Java applets can do amazing things, in binary. As you can see at http://housecall.antivirus.com/ (go with FF 2.x+). There you have a full feature AV scanner.
They keep re-inventing the wheel. Companies with too much money and time in their hands I guess. Another issue is Sun. Why wouldn't they advertise such use of Java? Even Vuze's (Azureus) Desktop Java? Of course people will keep thinking Java is that JVM 1.1 stupid text tricks and nothing else.
-
Re:Isn't their real argument against ClamAV?
But they're not going after small potatoes ClamAV for violating their patent. They're going after bigger potatoes, someone using a free service. This would be like if your computer uses an operating system, you've got to pay a fee to Microsoft no matter which OS you use--oh wait!
Seriously, it seems to me that this patent is another one of those overreaching ones. It's coming upon obvious technology, not created by itself and rushing to get a patent so that everyone who uses this technology to fight viruses has to pay a fee. I don't buy the "ClamAv will be sued" too. Last thing a security company needs is making near all server admins mad. Even OS X Server comes with Clamav installed, go figure.
I didn't see any notorious action from Trend Micro all these years, for example they offer OS X/Linux users free commercial quality antivirus running in Firefox via Java ( http://housecall.antivirus.com/ with Firefox/OSX ). Imagine what would happen if Symantec came with a similar solution. They never came up with the abuse of "Theoretical, click 20 things to get it installed" threats too.
If those multi million, billion companies really using their patented invention and making millions out of it, let them pay.
I hope Trend to go Real Networks path. They have awarded lots of streaming patents which if you are a closed source company, you cough money and if you are open source, it is free for you. For example, if you are Adobe and want auto sensing of network lag on Youtube and feed the client slower bandwidth until it is OK (which you also auto sense), you pay to them. That is what I understood from their own CTO's post on Slashdot years ago. Sadly, that story got flooded with stupid "spyware" "startup" etc. junk so the significance wasn't discussed.
http://yro.slashdot.org/article.pl?sid=06/04/24/2016226 (story)
Kevin Foreman's comment
http://yro.slashdot.org/comments.pl?sid=183962&cid=15193581
-
Spyware / spam prevention
How to help prevent spam/viruses. Most of this information is common knowledge for the IT savvy but can be a good cluestick for the relatives.
FireFox http://www.mozilla.org/products/firefox/ is a web browser that is much more secure than Internet Explorer. I have been using it for many months now, it is very stable and has a small fraction of the security problems found in IE.
Ad-Aware http://www.lavasoftusa.com/software/adaware/ is a spyware finding and removal tool. This is one of the best anti-spyware programs available and should be run at least twice a week.
Spy-Bot http://www.safer-networking.org/en/index.html is an excellent complement to AdAware and should be run also twice a week. The combination of both Adaware and SpyBot make for great security.
Trend Micro http://housecall.antivirus.com/housecall/start_corp.asp has a free online virus scanner that I run once a week. It has found viruses that Norton did not detect.
Microsoft's windows update http://windowsupdate.microsoft.com/ should be checked often to patch your operating system. I would suggest you install the updates.
Zone Alarm http://www.zonealarm.com/store/content/company/zap_za_grid.jsp If you do not have a Firewall router at home or are using dialup. Make sure you have some sort of firewall running on your machine. This one is pretty good and free.
Here is a mini guide I wrote up on how to prevent from getting spam.
1. Do not give out your work email address to anyone not work related. Do not give it out to relatives.
2. Do not use your primary email address to sign up for things online, use an email from hotmail or gmail.
3. Do not use your work/primary email to post on message boards or USENET unless they are closed and protected forums.
4. Do not sign up for free giveaways, even if they are work related.
5. Do *NOT* forward jokes or other such emails. Discourage people from forwarding them to you. These emails hold a massive list of email addresses and will eventually end up in the hands of spammers.
6. Do *NOT* reply to any spam asking to be removed or to "unsubscribe." It just guarantees that you will get more spam as you have confirmed it is a valid account.
7. Do not buy anything from a spam email. This only encourages the practice.
8. If you get spam in Outlook, go to "File", then "Work Offline" and then delete the email messages. Selecting the email message for deleting opens it, this can cause a virus to be downloaded or download pictures that have unique tag. With the unique image tag, a spammer can tell when you opened the email and that your account is valid. By using the "Work Offline" mode, no images will be opened.
You can find these links at my site http://www.friendsglobal.com/
-
Odd.
I have to say, I don't understand how people get into so much trouble.
Maybe I've been lucky, but I've run a Windows XP system for about a year now (and a Windows 98SE system for about 2 years prior under the same conditions), doing the occasional patches from Windows Update, without a virus scanner or firewall. If I do something stupid that makes me suspect that I've contracted something, I'll drop over to http://housecall.antivirus.com/ and do a quick scan. This generally only happens when I'm trying to find a crack for something on a P2P network and the bastards have embedded a keystroke logger or some other little nasty in a trojan crack package.
Otherwise, I do an occasional glance-over at the list of processes running, and if my modem is lighting up like a Christmas tree I might fire up Sygate Personal Firewall or something just to see what's happening with the traffic, but I've never seen it give me real cause for concern. I still get some port traffic for the old Code Red worms and what not, but nothing that seems to have been really problematic.
As I said, maybe I'm just lucky. Then again, maybe I don't use Internet Explorer or Outlook Express, and maybe that helps a lot. Who knows. :-)
-
Housecall
I've never found virus programs to be worth it - if a new worm comes out, they are rarely quick enough to update and in the meantime they always seem to really slow down your computer.
Instead, I run a web-based antivirus program (http://housecall.antivirus.com/) about once a month.
Obviously I also take other precautions - only connect to the internet via a NAT router, never open email attachments, etcetera but Housecall is good, and it's free.
-
Housecall
Bah. I'm surprised no one has mentioned housecall yet:
http://housecall.antivirus.com
Housecall is a web-based virus scanner that, since it is loaded anew every time, always has the latest virus definitions. Since it installs nothing but temporary cache files, you don't have to worry about it slowing down your machine.
Because of the nature of the application it can't always clean the offending virii/malware, but it will at least alert you to their presence and give you their names so that you can manually remove them. When combined with stinger, spybot and google it's an excellent choice for on-site calls to machines without AV or for your old boxen that just can't afford the extra cycles for full-time AV bloat.
If you prefer to do the offline thing, try the Knoppix anti-virus distribution (weak link I know). Once again it isn't a permanently installed application and since the OS isn't running it can slap down bugs before they're loaded into memory.
Cheers!
-
Re:Recovering from Spyware.
Housecall works pretty nice but really needs a broadband connection.
-
Well...
You can always burn some of the updates to CD on a different machine so that you can go straight to SP1 and whatever norton updates before it's plugged in.
I'd suggest turning on XP firewall, skipping norton (which isn't that great anyway), and trying from there.
I'm not sure where you are, but it shouldn't be /that/ bad... you can always try to install from behind a NAT (linksys/dlink/whatever router), too, that might help.
When done, head to housecall.antivirus.com and do a free virus scan.
-
Re:Wow, talk about timing!
-
Re:It's not that surprising . . .
Every few months, I will install a copy of norton and run it with the latest signatures just to check that I am clean, and I have yet to find a virus on my box.
You know you can do that without having to install anything, right? I like housecall.antivirus.com , but there are others.
-
Re:Norton sucks!
I use Pc-Cillin it is subscription based but it doesn't take up as much memory or processor as mcafee or norton
-
Re:It's not that surprising . . .
I've been wondering something different - why do people install virii?? I mean, virii, just like any other software, doesn't install itself.
I personally don't run antivirus programs, (but do periodic virus scans and scans on suspicious files using housecall). My excuse for not using a memory-resident antivirus program is that, like any other software, I don't see the purpose in having it running all the time if I'm not going to be using it.
So I guess I have two questions I would like answered - why do people install and run programs they don't need to use, and why do people install and run programs that have undesired behaviour?
-
Re:McAfee problems...
Trend Antivirus
Light, doesn't interfere with programs, super quick with dat file updates.
-
I used to think like you
I had your attitude until late last month.
I plugged a 98 box into a freshly installed cable modem (Time-Warner RoadRunner if it matters). Within 20 minutes the box was rooted. It was my mistake. I had brought the machine from a network that was behind a hardware router, and placed it directly on the cable modem. I had sharing enabled directly to the c: drive, password protected.
The worm reset the password to null and enabled sharing of other drives.
It then tried to write itself to all the fixed disks on the machine (that is how I detected it: I was transferring photos from a compact flash card, thru a USB, when it hanged. A copy of the virus was found on the card.)
It is possible that the infection would not have been detectable without running trojan scan and online antivirus particularly when the speed of cable is considered.
The worm installed a backdoor on a Windows box, and then tries to locate and infect any windows shares on the block.
Needless to say, surfing without a condom on a windows machine is dangerous indeed.
-
Another free Antivirus option
House Call - www.antivirus.com
I use this whenever I'm on someone else's machine and they don't have an AV program installed.
-
Here's Trend Micro's article
Description of SOBIG_F
Here is HouseCall - Their online free virus scanner.
Anyone without an antivirus program seriously needs to get one:
Just to name a few...
-
Misinformed users
Hello I believe the RPC vulnerability it's a great risk, but let's say that Microsoft had another similar vulnerabilities (IIS?). The big problem here it's the users and the sysadmins with a lack of knowledge or the attitude "i believe everything in Norton's site". I remember a few weeks then it came out the RPC vulnerability, sites like antivirus.com have it in "Low risk". Another example it's the people who works on my school, there are several sysadmins (like 4) and they sent an email about using a firewall, and that will fix the problem. I mean, you need to apply patches... you NEED to deploy fix tools, but no. Maybe it's not government, but come on, you can get a shell with the vulnerability too in a professor computer, student's paradise? maybe. This misinformed users because of bad admins, it's like virus' hoaxes in E-mail...
-
Re:And...? Some Perspective Please!
Agreed - a minor bug that was fixed promptly.
I'd also like to point out that Trend Micro offers a great free online virus scanner that comes in very handy when you get a call from a friend/relative who's having computer problems. No need to haul over and install your own virus scanner (which is undoubtedly against said virus scanner's EULA anyway) just to find out if they're infected. I can't remember if it actually CLEANS the viruses it finds, but manually removing most viruses isn't all that tough once you know what you're looking for.
The HouseCall product has also spotted viruses that Norton did not.
-
Solutions?
When I use a computer at the school lab I always run Trend Micro's Housecall in the background. That is if they haven't disabled ActiveX. I'm assuming it would catch the popular keyloggers and trojans. Of course, it's nearly impossible to stop someone who is really motivated from keylogging, stealing, murdering, etc, but it sure beats nothing and if I do find something I'm making sure someone who makes policy will hear my complaint.
How about an app which listens for keyloggers? There has to be a way to detect keylogging regardless of how it's done. Why can't this be built into the heuristic part of anti-virus scanners?
How about a virtual keyboard? Web-based services (hotmail, hushmail, etc) could spring up a Java box with randomly ordered letters and numbers and you simply use your mouse to click on the proper letter. Just make it small enough so no one can shoulder-surf without making themselves noticeable.
-
I Am A User, What Can I Do For Protection?
Say for example I am a user on a public machine that I suspect has keystroke monitoring software. What can I do, load onto it, download, to protect myself and detect and/or remove these things? One can always go to site to check a machine for viruses and such, but what can be done/loaded to protect against keystroke monitoring?
-
Why Trend Micro is Better
I've never, EVER gotten ANY fabricated virus alerts from Trend Micro. Ever. All their pattern files are usually updated within 12 hours of a virus alert. They don't force you to purchase new versions every year -- you can continue to update pattern files on your old copy of PC-cillin 98 even today, albeit the program isn't as advanced as PC-cillin 2002. And it's cheap! It's only $40 for unlimited pattern and program updates, and only $20 to upgrade from ANY old version. I'm surprised more people don't use it...but then again, I'm really not, since the only computer I've ever had it bundled with (granted, there are only two computers I've ever purchased and not built) was Alienware, and that was back when they were still an infant company. (I'm not sure if they still bundle PC-cillin or not.) In any case, call this a shameless plug, but for all intents and purposes, PC-cillin is the superior virus scanner. (It also includes POP3 scanning, so even those running Microsoft Outlook are safe from all but the bleeding-edge virii.)
-
AV workaround.
I use Trend Micro's free PC scan. It's free, easy, and it cleared the infected ones on my roommate's PC. A good full scan, and no $$ goes into their PR dept. Me like.
-
Re:This is great news!
Trend Micro, who is one of the better Anti Virus vendors, if not the best, IMHO, has been providing Linux anti-virus software for as long as I have been aware of them:
-
What the doctor ordered!
>>The report says that a virus known as W95.CIH.1049, a slight variation of the W95.CIH bug dubbed the Chernobyl virus when it began spreading four years ago, has been detected in recent infections of the Klez worm.
For Klez worm infections they need a dose of good ol' PC-Illin ©
Ba-Rump-Bum! *kssshhhhh*
God did I just do that? ;p
-
Re:Melissa and David L. Smith
For years I've been thinking that Microsoft should really be held accountable for building that capability into Outlook in the first place. Then just a couple weeks ago someone said that is like holding gun makers accountable for murders.
... It's funny that I didn't notice how much of a hypocrite I was until it was pointed out to me.
No, that person was wrong. Let's say there is a popular gun manufacturer called Smallnlimp. This is like if smallnlimp put in a "feature" that caused the weapon to go off anytime it detected a certain audio pattern. Then some whacko discovers if a specific other signal is sent immediately after, the guns will repeat both signals loudly--thereby causing other guns to go off too. The result? Millions of Smallnlimp's guns fire unexpectedly injuring and killing people as this signal is spread over open air and through telephone lines. Is Smallnlimp responsible for the guns going off? Maybe not directly...
IIRC Microsoft patched this problem by not allowing Outlook Express to run executables directly, however IMO they have been very careless and irresponsible in how they've produced software--their whole objective seems to be to take over the world instead of producing quality software. The types of "viri" that require opening an attachment are only the tip of the iceberg. Code Red and Nimda are just two examples of real worms/viri that Microsoft has allowed to spawn. I dare someone to show me a security exploit in Apache/NFS/etc that would allow such a program to spread. In addition to bugs, their default settings and all the stuff they try to hide from the user (such as file extensions and the network settings) have allowed script kiddies to go freestyle on Winboxen. Between Microsoft and Redhat, more internet worms are probably on the way...
The moderators can mod this as flamebait all they want, however it doesn't change the fact that this is an honest assessment of the MS by a person who has used their software for at least a decade.
-
Re:it's a Trojan horse actually ...
2) A Worm is a stand alone program that makes it's way through a system ... it isn't attached to anything.
Actually a worm can also be a set of programs (or program segments), and one could argue in this way the segments are attached or communicate to each other.
Although this alludes to just 'deleting the program', history tells us it might not be as easy as this.
-
LINKS #dmsetup give from time to time
I work with a virus removal group on the undernet that works from the channel #dmsetup. We often locate new stuff all the time. Below I'm pasting all my links I usually give out to users. Included are keepers of the gates of hell (stuff you use before you get infected.) and some stuff that gets you out of hell (what you use after your girlfriend opened that attachment)
Cleaners and virus scanner suites
Housecall online antivirus scanner
PC-Cillin virus scanner suite
Central command Virus Scanner Suite
Puppet's Cleaner
Puppet's Cleaner Alternate Site
Mcafee virus removal suite
Norton Antivirus, virus removal suite
Frisk software's f-prot antivirus suite for windows dos and linux
Firewall software
Zone Alarm Firewall
Conseal Firewall
Various tools used to get out of hell or figure out what hell you are in.
-
Pccillin
I've been using Pccillin for about 2 months now. There's a free one month trial, and it found a virus in an old email attachment I had laying around on my file server. It automatically prompts for updates (typically once or twice a week) and it suits my purposes.
I believe most AV software can be configured to scan remote shares automagically (I know Norton 5.0 does).
-
Mcafee or Panda
I'm personally using Mcafee, mainly because I have good experiences with it from work where we have it running both on all windows clients and linux file servers. And if you aren't behind a "real" firewall it does come with McAfee firewall included, which I haven't actually tried myself. I think there is a trial version but I'm not sure. And if you like all kinds of other crap^H^H^H^Hutilities then you can get it from McAfee as well.
An alternative I have heard some good things about though is Panda antivirus. One of the good things is that you can get an evaluation version so you can try it before shelling out the money.
Another one I haven't seen mentioned on here, and that I actually own but haven't tried (came with my motherboard) is PC-cillin. This one allows you to download an evaluation version as well.
I could mention a few others, but they have already been mentioned by others... (Norton antivirus for instance)
-
Re:Protection?
Yes - well, sort of. There are plenty of anti-virus programs out there, such as:
and so on. Symantec/Norton also has a Linux/UNIX binary which is certainly bundled with the network-wide thing, I don't know if it's available separately. The trouble with all of these things is that although they are Linux applications, they detect Windows virii - they use the same signature files as the versions on other platforms do. This means they're very good for running on file/e-mail servers to protect the poor Windows machines behind them (which is what they're intended for) but they probably won't stop the subject of this post, for example. Basically, yes, they exist and work well but make sure you know what you're hoping for them to do...
-
HIGH risk.
no, it's not non-destructive. it got a high risk rating from trend micro, and that is most unusual (the only one in the last ten or so advisories). read the tech. breakdown on the thing here: here.
-
May destroy McAfee, other U.S. trusted software
When I heard about Magic Lantern I was waiting for this.. There is no way that companies in Japan (or probably Singapore, Malaysia, China, Taiwan) will consider purchasing antivirus or other security software from U.S. companies if this happens. As it stands, Microsoft's greatest market potential is probably Japan, not the U.S. But there are plenty of other options, including say Trend Micro which is Japanese-Taiwanese.
I know somebody there and think I'll ask them if they are planning on making security holes for every local law-enforcement agency. Could be a money maker but somehow I doubt it.. if it was China they would probably have to allow the government to install keyboard loggers on your pc through this Patriotic Remote Exploit facility. Unfortunately Japanese nuclear power plants are running Windows 95 as far as I could see from a recent newspaper photo.. (+3, Cynical, Despair)
-
PC-Cillin 2000 Caught It As "HTML_SADMIND.A"
PC-cillin 2002, after I went to that webpage, popped up a dialog that said the following:
Real-time Scan
Infected file: E:\Documents and Settings\CitizenC\Local Settings\Temporary Internet Files\upload[1].htm
Virus name: HTML_SADMIND.A (Virus Info)
Action: Unable to clean. Infected file was quarantined.
As it turns out, that page IS a virus. However, it is non-malicious. There are full details available at http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=HTML_SADMIND.A.
-
Re:no such thing as a "computer virus"
Sounds like you are falling into the same trap that the author of this article warned about.
As for Code Red, yeah, well, IIS sucks. To play devils advocate, however, we must remember the only worm to ever bring the Internet to its knees was a UNIX worm.
> saying sircam is a computer virus is FUD it's an Outlook virus
Slashdot even fell into the same trap. (Slashdot's case of FAS is terminal)
If you read the analysis you find out that this virus spreads with its own SMTP routines, and through network shares. Theoretically, you don't even need a mail program to contract this virus if you are hooked up to a LAN.
Arrogance like this is no doubt why the author felt the need to write the article. The "If I dont run Outlook, I won't get viruses" attitude is dangerous. This virus can spread from any Win32 mail client from Outlook to Mozilla. It looks in the Windows address book, but takes addresses from your internet history as well. If you are hooked up to a network, you may have it now... Better go check..... Those could be your documents I keep getting in the mail.
-
Re:ISPs could help with viruses
Support? You priced it with support? What is support? Seriously, though, as a customer of an ISP, I expect them to spend the money I give them on quality services. The fact that you came up with a much cheaper solution makes it even more shameful that they don't provide that extra level of protection.
The Webshield you priced covers both sparc hardware and the software, and support is on both. Trend Viruswall is just a software product ($1k for 50 users) that you still have to purchase a dedicated machine for in order to do the job properly. Luckily it is available for Linux, so the hardware portion can be cheaper in both initial cost and support.
We purchased our Webshield a year or two back when there were no solutions like this readily available. Now, Norton has Antivirus for Gateways, and more are coming out. As a small 200 person company, it's not a big deal to get support on our Webshield, but given a choice today, we would probably go for a Linux solution involving the Trend product. Heck, just thinking about the couple of bugs that we've seen in the Webshield, maybe we should consider the Trend product anyway.
-
GET A DAMN CLUE PEOPLE!!!
It seems just about every damn virus nowadays spreads via Outlook or Outlook Express which is too bad
But has anybody (specially Timothy) actually paid any attention to the damn stories?
Nowhere in these stories is it claimed that Sircam uses Outlook to spread! Maybe Timothy got the idea from reading this CNN article.
Geez, people, do you believe everything that CNN says? It's not like I really expect CNN to get this right, but /. readers are supposed to be better than that!
In fact, the Wired news clearly says that the virus serves as its own SMTP client. A lot about this virus in fact resembles how the Judge Disemboweler virus operates.
The only thing that can be interpreted as using Outlook to spread itself is the fact that it takes its e-mail addresses from Windows Address Book files; however it will also try to get addresses from some files in the 'Temporary Internet Files' folder. This means it should be able to spread without any need for Outlook (just some e-mail client and a user naive enough to run the attachment) and without Windows Address Files.
All the usual sources of virus information seem to agree about this virus serving as its own SMTP client. Please check for yourselves:
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99141&
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A
http://www.sophos.com/virusinfo/analyses/w32sircama.html
http://www.europe.f-secure.com/v-descs/sircam.shtml
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=010718-000010
-
here's the solution.
Scanmail for Exchange or whatever else it is you people use for uni email (I like the other 70-odd percent of corporate america use MS exchange, and it does its job relatively well.) if you use something else like basic sendmail/smtp stuff they have products for those as well.
Trend Micro's desktop scanning software, no client required; you can either have it scan fileshares (ala NT c$ etc) or have the end user do it from a web page that starts a little java app and scans.
There's other stuff out there but honestly speaking, trend micro's stuff is pretty nice. I had a few probs with scanmail to start but got it sorted and it's worked great (ILOVEYOU and other VBS email stuff dropped dead.) We used to use norton AV (corporate edition) but that is just a complete piece of crap. I dumped it entirely and moved to the (cheaper) trend micro stuff once I scored a demo copy.
In terms of handling multi-OS'es, and yadda yadda yadda... that's why students have to meet a code of conduct and follow the rules. make one of those be that they have to comply with virus updates or scanning, or not have network access to the uni's network. Or, if you don't feel like being so heavy handed, you could offer supported AV platforms for different architectures and then support installing and updating them- say, emailing SARC updates instead of pushing them down, or whatever. I suppose that would depend on how fascist you want to be- I personally would lock down all computers that the uni owns, but personal machines would just have to meet the criteria that is set out in the usage policy (properly updated AV software that, if you want, we'll help you to install and keep updated.)
Anyhow, you need to take some hard steps at first to keep it in check, and then that makes it easier later.... good luck!
-
TrendMicro
TrendMicro has a product that is an email gateway as well as an http proxy type thing and an ftp proxy type thing. These could help you keep the students from getting any viruses by making all students go through these gateways.
-
Linux IS immune to this worm
An AC says that this incident proves that Linux is not immune, that this is a wakeup call blah blah blah.
Linux is immune to this Gnutella worm. Wanna know why? If you had read the Trend Micro alert linked from the article, you would see that if executed, the file looks for C:\PROGRAM FILES\GNUTELLA. Got that on your Linux box? I think not. Even if you dual-boot, there would be no way to infect Linux while in the Windows partition or vice versa. As an extra bonus, the technical details page says that the affected OS is Windows 98. And it modifies the GNUTELLA.INI file. Got one of those on your Linux box? Again, I think not.
And it spreads by people executing downloaded copies with file extension .vbs. If you were in Linux, you'd see the extension. What with other recent outbreaks, you'd be a fool to run an unknown, unchecked VBS file in Windows.
-
Mostly commercial solutions
TrendMicro has a solution. I thought McAfee did but I can't find it. I'd recommend talking to the guys at Sendmail.com and getting a referral from them (assuming you're using Sendmail).
I'm unaware of an open-source effort in this area, which is kind of surprising really, because it's an easy project and it would benefit substantially from having lots of eyeballs. I guess the shortage of good Linux viruses (thank God) is limiting growth in this area.