Domain: mcafee.com
Stories and comments across the archive that link to mcafee.com.
Comments · 216
-
For the google impaired
-
Human-activated
Seems like the worm must be "human-activated", a user must manually click the link received through MSN to download the worm; that's what I understand from McAfee
It can't be harmful if it comes from a friend!
-
Re:Quick to judge
It might be interesting to note that another variation of this worm attacks darkprofits[.net|.com]. This site has been the victim of a series of joe-job spams.
-
Would something like Nachi be good?
Stories like this make me wonder if worms like nachi might actually be a good idea. Yeah, they can cause some network clogging when they spread, but maybe that would be a reasonable price to pay to wipe out the armies of zombie PCs that can be used for this kind of attack.
-
Re:all spamming at the same time?
-
Re:How many for Linux?
-
Here's Trend Micro's article
Description of SOBIG_F
Here is HouseCall - Their online free virus scanner.
Anyone without an antivirus program seriously needs to get one:
Just to name a few...
-
Mcafee's calling it. W32/Lovsan.worm
-
What they're doing...
-
Two free suggestions one commercial
I find that spamassassin's approach works really well and run it at home on Win32 following the instructions here.
If she's using POP3 to download her mail I can heartily recommend SAProxy which encapsulates Spamassassin as a POP3 proxy with a nice Windows installer & configuration screens.
I have not used this one but have heard great things about it: spambayes, a Python based Bayesian classifier with nice plugin for Outlook 2000/XP.
Last but not least, since McAfee bought Deersoft you can expect that their next version of SpamKiller should be at least as good as Spamassassin Pro was.
Balam -
Re:wtf?
-
Re:reply
That is just bullshit, pure and simple. Outlook Express does that, Outlook does not.
Care to back that up with references?
It is possible to activate the virus by viewing an infected email message within the Microsoft Outlook Preview Pane.
McAfee Security W32/Nimda@MM Help Center
We used to think that you had to open or, in some case, preview a message for it to infect your system with a virus. It's now been proven that malicious code can enter your system via an Outlook mail message from the Internet -- even if you do not open or preview it. The flaw is in an Internet Explorer component that Outlook shares with Outlook Express. See Microsoft Security Bulletin (MS00-043) for more details and remedies.
Outlook Virus Misconceptions
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Outlook® and Outlook Express. Under certain conditions, the vulnerability could allow a malicious user to cause code of his choice to execute on another user's computer.
Microsoft Security Bulletin (MS00-043)
The patch eliminates this vulnerability as well as those discussed in Microsoft Security Bulletins MS00-045 and MS00-046. Customers who already have taken the corrective action discussed in either of these bulletins do not need to take any additional action.
Affected Software:
# Microsoft Outlook Express 4.x
# Microsoft Outlook Express 5.x
# Microsoft Outlook 98
# Microsoft Outlook 2000
Win32/Bugbear.A@mm exploits a MIME vulnerability in Microsoft Outlook, Internet Explorer and Outlook Express, allowing an executable attachment to run automatically, even if you do not double-click on the attachment.
Win32/Bugbear.A@mm VIRUS DESCRIPTION -
Google is your friend.
McAfee does have it.
-
W32.SQLExp.Worm
-
Write up I sent to the office
I haven't found anything on Symantec's site on this, but I did find McAfee's page Here
And the removal instructions
Google has a newsgroup post on the sucker
And here are some sample infection URLS for those who wish to catch the sucker or download the files for analysis:
Infect Me 1
Infect Me 2
A similar worm is described by Symantec here
It works in IE, but not Phoenix (Mozilla based browser)
You have to download the installer and the MSI file, which takes a while.
I went so far as to download the files, but didn't go past the first EULA to see the really bad one that's supposed to come during the second install, so I didn't see the text in a live install myself, just in the McAfee writeup.
So I downloaded the Microsoft Installer SDK and decided to crack open the MSI install file. According to Servant Salamander, the word "Outlook" was in "Friend Greetings.msi."
Then I decided, "To hell with it, it's in there as clear text anyway" and opened the install File with VIM. Here is the offending text:
1. Consent to E-Mail Your Contacts. As part of the installation process,
Permissioned Media will access your MicroSoft Outlook(r) Contacts list and
send an e-mail to persons on your Contacts list inviting them to download
FriendGreetings or related products. By downloading, installing,accessing
or using the FriendGreetings, you authorize Permissioned Media to access
your MicroSoft(r) Outlook(r) Contacts list and to send a personalized e-mail
message to persons on your Contact list. IF YOU DO NOT WANT US TO ACCESS
YOUR CONTACT LIST AND SEND AN E-MAIL MESSAGE TO PERSONS ON THAT LIST, DO
NOT DOWNLOAD, INSTALL, ACCESS OR USE FRIENDGREETINGS.
If anyone is interested, I'll e-mail out both EULAs. There's some rude stuff in there. (You agree to receive pop-up and pop-under ads and HTML e-mail for example)
Below is the original e-mail from Cheryl, for the sake of reference and forwarding:
--- Forwarded Message Follows-----
FYI...
It's not so much a virus as it is a potential worm. And it's an interesting one at that because it's a "permissive" worm. It banks on the fact that people install products without reading their EULAs. If you read the EULA they include, it specifically says that by accepting the EULA, you are giving them permission to send email to everyone in your MS Outlook Contact list!!!!! (I included the pics they sent us, but I'm not sure how many of you will actually see them).
Pretty fascinating, actually. And smart. Because people don't read EULAs! (Er, for Dad: EULA is "End User License Agreement" - and I'm guessing you and Steve read them because you are lawyers... ;) )
Ilene
-----Original Message-----
From: Kronos Norton AntiVirus
Sent: Friday, October 25, 2002 10:51 AM
To: All Kronos Employees
Subject: Please read about a potential virus....
Importance: High
Potential virus as a Greeting Card ~ Please be aware of this
potential threat via a web link.
Friendgreetings
Discovered on: October 24, 2002
Last Updated on: October 24, 2002 03:20:23 PM PDT
Symantec Security Response is aware of a widespread E-card which appears to have the characteristics of a worm. Security Response does not classify this as a malicious threat and as such will not detect any files associated with the E-card. The installation of software associated with the E-card requires the user's permission in order to perform its mass-mailing capabilities. By cancelling the installation of the software, no worm-like activities will be performed. The recipient would receive an email with the following characteristics:
Subject: %recipient% you have an E-Card from %sender%.
Message:
Greetings!
%sender% has sent you an E-Card -- a virtual postcard from FriendGreetings.com. You
can pickup your E-Card at the FriendGreetings.com by clicking on the link below.
http://www.friendgreetings.com/pickup/pickup.asp x? <extra contentremoved>
Message:
%recipient%
I sent you a greeting card. Please pick it up.
%sender%
When the link is followed, the recipient is asked to download some software in order to view the E-card.
The installer package will require the user to accept 2 End User License Agreements in order to complete the installation. The second EULA (see below) explicitly states that by accepting the agreement the end user is authorizing the software to send an email to all contacts in the Microsoft Outlook Contacts List. The email is formatted as displayed above.
If this agreement is not accepted, the installation is not complete and the software will not send a link to the www.friendgreetings.com website via email. -
Dang the other slashdotter beat me to it
This adware/worm is a pain, we got to slog through it yesterday. McAfee has info on it [mcaffee.com] as well. Unlike Symantec, they actually include removal instructions (if you trust them) and their software will detect and remove it.
-
Re:Virus that disables anti-virus software?
-
Backup?
his recovery disks are nothing more than hard drive images. He can reinstall Windows and MSOffice in ten minutes.
And how long does it take to install the rest of the applications (virus checker, firewall, compiler, decent RGB image editor, non-bloated media player, etc) that are either obviated in the UNIX architecture or installed with Mandrake?
And how long does it take to backup the user's data and restore it after re-installation? Most of the computers that come with Ghost restore disks do not use a separate partition for My Documents; they just wipe out all the user's precious data on re-install.
-
Another use for this technology...
In addition to detecting and filtering out great sites like SourceForge, how about trying to detect when your corporate computers try to send me this.
-
Linux Mandrake Review
The Linux operating system was born in 1991 and was created by one man, a Finnish student coincidentally named Linux Torvalds. Since these humble beginnings, a multi-million dollar industry has sprung up to exploit the commercial potential of Linux, but until recently Linux has eluded mainstream acceptance. However, due to the recent economic downturn together with uncertainty over changes to Microsoft's pricing policy, Linux is now being touted as a serious contender to Microsoft Windows. While there are many other alternatives to Windows, including BSD which is based on SUN's (Stanford University Network - correction by bc) server-grade Solaris operating system, none have commanded the same level of media attention as Linux.
Linux Mandrake is just the latest in a long line of quirkily christened versions of Linux. Previous versions of Linux have been named Red Hat, Slack Ware, Storm and Coral. In stark contrast to the mundane names such as 98, ME or NT preferred by Microsoft, the crazy names of each Linux release hint at its renegade nature.
My foray into the world of Linux began by downloading a "CD image" from the Linux web site. But don't worry, this isn't software piracy, it's perfectly legal! Linux is shareware, meaning that it can be freely redistributed without fear of a visit by the Business Software Alliance. The free availability of Linux is a major reason for its popularity among cash-strapped students and self-styled anti-capitalist hackers.
Before installing new software, it is always advisable to read the documentation. Unfortunately, an unpleasant surprise was in store for me in the "required configuration" section of the manual. I was shocked to learn that Linux Mandrake only runs on Pentium processors, meaning that my hopes of testing the water with my old Gateway 486 were dashed. Furthermore, a whopping 32 megabytes of memory are required to run Linux! Although the advocates of Linux self-righteously boast the efficiency of their chosen operating system and deride the "bloatware" produced by Microsoft, it appears that their claims are blatantly incorrect. Although my humble 486 will happily run Windows 95, it seems that Linux requires far more powerful, and more expensive, computer hardware. Is this really the sign of a lean, mean operating system? Of course not.
Sadly, not even being able to install Linux is just the first of my many complaints. A brief perusal of the features of Linux Mandrake reveals that Linux is sorely lacking many crucial productivity applications. For example, why isn't the industry standard web browser, Internet Explorer, included with Linux? Despite the best efforts of the experts at the Internet Engineering Task Force to encourage adoption of the Internet Explorer standard, the creators of Linux seem to think that they know better. By refusing to adhere to recognised standards, Linux is simply undermining its own credibility.
Similarly, almost all of the world's most popular and widely used software is completely incompatible with Linux! It may surprise you to learn that your copy of Microsoft Office, Outlook Express, or Lotus Notes will not work under Linux. Those who wish to use their computer for recreational purposes are also out of luck, for almost all of the most popular games are unavailable for Linux. Although a wide range of software is freely available for Linux, these pitiful offerings are mostly unfinished, unreliable and do not bear comparison to their commercial counterparts.
Computer security is also an area that seems to have been overlooked by the developers of Linux. In these times when hacking and viruses are commonplace, it defies belief to learn that no anti-virus software is available for Linux. To add insult to injury, there is no Linux version of the popular ZoneAlarm firewall. By using Linux, you are issuing an open invitation to the hordes of ne'er-do-wells on the Internet.
The shortcomings of Linux are obvious. Without even installing Linux Mandrake, I have exposed several fundamental flaws. Surely it is not too much to expect that, after ten years of development, the creators of Linux would have addressed these problems? The real question that the prospective Linux user must ask himself is, "Why bother?" After all, Microsoft Windows comes free with most PCs and there simply isn't a need to replace it, particularly not with a product of inferior quality.
Although it is always tempting to support the underdog, Windows XP will be the deserved victor in the battle ahead. I recommend that those Adequacy readers who are hoping to upgrade their operating system patiently wait for the release of Windows XP, rather than foolishly wasting their time, effort and money on Linux.
-
Found this
at McAfee's website here
btw the linux version has been known about for a few weeks now according to their dates.
but anyways when the original variant came out in February they state...
The sample of this virus was sent on 14 Feb 2002 to fourteen different AV companies by the virus author. In about 2 weeks the virus sample was also circulated in an electronic magazine distributed by 29A virus writing group (version 1b).
lots of info about what it actually does to windows machines there, but almost nothing about what it does on Linux
-
Re:I use outlook... but not for much longer
The most likely reason you were informed that you sent out an infected e-mail is that Klez spoofs the From field. So if anyone who has you in their address book that was not responsible enough to take the precautions you did received and contracted the virus, there is a chance that it will be sent to other computers from your email address. See McAfee's description, most notably:
the worm has the ability to spoof the From: field (often set to an address found on the victim machine).
-
The Klez Worm's Little Friend
I have pseudo-responsibility for our tiny network of about 15 computers. So some jackass has to use Outlook to sync his email with his expensive handheld, and he gets nailed by Klez.
So Klez works even by simply previewing the message and launches itself. It has its own mail sending engine, and forges the From: field to look like it's real. It also copies past Subject: fields to fool the recipient.
But this time, our little friend Klez has brought his little friend Elkern32. This nasty little guy infects executables on the infected computer, and is also network aware and infects files across the network. So even people who didn't use Outlook were infected. Some people had hundreds of infected programs on their computer.
And a cool thing about Elkern is that it can randomly overwrite a file's bytes with all zeroes, while maintaining the file length. It can be nasty.
All this because no one updates their virus definitions.
Muerte
-
Re:Sub7 ?
what is Sub7?
It's a Trojan Horse. -
Re:Kind of a rhetorical question, isn't it?
How come Microsoft never included any kind of antivirus program per default in any windows package?
They did. Plus! for Windows 98 came with McAfee. -
Other ad scams
Over at mcafee's website, this image leads to this site. I've seen these fake search windows on other sites, but mcafee is one of the main places people go to check out virus hoaxes etc. That site caters to the end user, as mcafee has another domain for the pros (nai.com or mcafeeb2b.com). I just think it's pretty shady to set up a site for users and then use tricky ads.
-
Re:Yup.
it's your damn fault, if the servers were patched, the worm never would have spread! Don't just blame MS, their products, but lazy admins are a major part of the outlook/iis worm recipe.
While I agree that Admins need to keep on top of patches, Nimda can still spread even with patched servers. It self-propagates through Outlook (along with doing a ton of other things), so even having patched IIS servers won't totally stop it. Sure, it won't hurt, but it won't eliminate the threat either. -
Mcafee or Panda
I'm personally using McAfee, mainly because I have good experiences with it from work where we have it running both on all windows clients and linux file servers. And if you aren't behind a "real" firewall it does come with McAfee firewall included, which I haven't actually tried myself. I think there is a trial version but I'm not sure. And if you like all kinds of other crap^H^H^H^Hutilities then you can get it from McAfee as well.
An alternative I have heard some good things about though is Panda antivirus. One of the good things is that you can get an evaluation version so you can try it before shelling out the money.
Another one I haven't seen mentioned on here, and that I actually own but haven't tried (came with my motherboard) is PC-cillin. This one allows you to download an evaluation version as well.
I could mention a few others, but they have already been mentioned by others... (Norton antivirus for instance) -
Re:The US could prohibit co-operation on censorshi
The US could, by legislation, prohibit U.S. companies from assisting with censorship in selected countries. There's an analogy to the Arab boycott of Israel [us-israel.org], which led to lobbying by Israel for U.S. laws prohibiting American companies from cooperating with the Arab boycott.
You are absolutely right. Legislation should quickly pass the law to cease the operation of immoral companies whom allow keylogging software from spying citizens' activities. Also, American companies should also join the boycott of the oppressive Government who creates a big database monitoring citizens' emails.
Oh wait. -
My Review of Mandrake
As seen on Adequacy.org, News for Grown Ups.
The Linux operating system was born in 1991 and was created by one man, a
Finnish student coincidentally named Linux Torvalds. Since these humble
beginnings, a multi-million dollar
industry has sprung up to exploit the commercial potential of Linux, but
until recently Linux has eluded mainstream acceptance. However, due to the
recent economic downturn together with uncertainty over changes to Microsoft's pricing policy, Linux is
now being touted as a serious contender to Microsoft Windows. While there
are many other alternatives to Windows, including BSD which is based on SUN's (Stanford University Network - correction by bc) server-grade Solaris operating system,
none have commanded the same level of media attention as Linux.
Linux Mandrake is just the
latest in a long line of quirkily christened versions of Linux. Previous
versions of Linux have been named Red Hat, Slack Ware,
Storm and Coral. In stark contrast to the mundane names such
as 98, ME or NT preferred by Microsoft, the crazy
names of each Linux release hint at its renegade nature.
My foray into the world of Linux began by downloading a "CD image" from
the Linux web site. But don't worry, this isn't software piracy, it's
perfectly legal! Linux is shareware, meaning that it can be freely
redistributed without fear of a visit by the Business Software Alliance. The free
availability of Linux is a major reason for its popularity among
cash-strapped students and self-styled anti-capitalist hackers.
Before installing new software, it is always advisable to read the
documentation. Unfortunately, an unpleasant surprise was in store for me
in the "required configuration" section of the manual.
I was shocked to learn that Linux Mandrake only runs on Pentium
processors, meaning that my hopes of testing the water with my old Gateway 486 were dashed. Furthermore, a
whopping 32 megabytes of memory are required to run Linux! Although the advocates of Linux self-righteously
boast the efficiency of their chosen operating system and deride the
"bloatware" produced by Microsoft, it appears that their claims are
blatantly incorrect. Although my humble 486 will happily run Windows 95,
it seems that Linux requires far more powerful, and more expensive,
computer hardware. Is this really the sign of a lean, mean operating system?
Of course not.
Sadly, not even being able to install Linux is just the first of my many
complaints. A brief perusal of the
features of Linux Mandrake reveals that Linux is sorely lacking many
crucial productivity applications. For example, why isn't the industry
standard web browser, Internet Explorer, included with Linux? Despite the
best efforts of the experts at the Internet
Engineering Task Force to encourage adoption of the Internet Explorer
standard, the creators of Linux seem to think that they know better. By
refusing to adhere to recognised standards, Linux is simply undermining
its own credibility.
Similarly, almost all of the world's most popular and widely used software
is completely incompatible with Linux! It may surprise you to learn that
your copy of Microsoft Office, Outlook Express, or Lotus Notes will not
work under Linux. Those who wish to use their computer for recreational
purposes are also out of luck, for almost all of the most popular games
are unavailable for Linux. Although a wide range of software is freely
available for Linux, these pitiful offerings are mostly unfinished, unreliable and do not
bear comparison to their commercial counterparts.
Computer security is also an area that seems to have been overlooked by
the developers of Linux. In these times when hacking and viruses are
commonplace, it defies belief to learn that no anti-virus software is available for
Linux. To add insult to injury, there is no Linux version of the popular
ZoneAlarm firewall. By using Linux,
you are issuing an open invitation to the hordes of ne'er-do-wells on the
Internet.
The shortcomings of Linux are obvious. Without even installing Linux
Mandrake, I have exposed several fundamental flaws. Surely it is not too
much to expect that, after ten years of development, the creators of Linux
would have addressed these problems? The real question that the
prospective Linux user must ask himself is, "Why bother?" After all,
Microsoft Windows comes free with most PCs and there simply isn't a need
to replace it, particularly not with a product of inferior quality.
Although it is always tempting to support the underdog, Windows XP will
be the deserved victor in the battle ahead. I recommend that those
Adequacy readers who are hoping to upgrade their operating system
patiently wait for the release of Windows XP, rather than foolishly
wasting their time, effort and money on Linux. -
Re:Norton will have to extend its product line
Nope.
The AV companies support spyware, and say that
reports of spyware as "trojans" are hoaxes
and lies. In part because they are afraid of
being sued, and in part because they don't want to
start any "range wars" over detecting each other's
(AV company subsidiary) spyware as hostile.
Sample:
McAfee makes false statements
about what the Aureate Media trojan does, and
files unfavorable facts about Aureate in the
"false rumors" department. -
SongSpy XE 2.0 and iMesh 3.0 have stealth spyware
SongSpy, now in version XE Beta 2.0, is installing a very nasty spyware app called FTapp without users' knowledge whatsoever - not in the license agreement that users have to agree to when they install SongSpy, nor in the FAQ on their website.
In fact, their FAQ says this (here):
"What is your privacy policy?
"We're still working on pulling together a formal policy in full-blown legalese. But rest assured that we ourselves are privacy zealots and won't be doing anything remotely devious with the information you provide us. Also, we take pride in how little we know about what you are doing on SongSpy, you aren't tracked, logged, or monitored for analysis by the client software."
I looked up FTapp with Google and found nary any info, except for a virus entry for FTapp in McAfee's Virus Information Library. FTapp's entry in McAfee's Virus Information Library says the following:
"Virus Characteristics: This is an advertising/user monitoring trojan. Once running this trojan may track your web browsing activity and/or display advertisements.
"Indications Of Infection: Presence of the file FTAPP.DLL
"Method Of Infection: This trojan is installed via an executable.
"Removal Instructions: Use specified engine and DAT files for detection. Use the ADD/REMOVE Programs Control Panel in Windows to remove this program."
In fact, an entry for FTapp is in the Add/Remove Program applet of Windows' Control Panel. But, if you try to remove it, it says that there was an error and asks if you wish to just remove the install entry from Add/Remove Programs. Thus, FTapp CANNOT be uninstalled this way; it will remain.
At the time I discovered FTapp on my system, I assumed that the next step was to just delete the (unhidden) folder C:\Program Files\ftapp. I've done this and haven't had any problems yet.
The folder C:\Program Files\ftapp contains two files: FTapp.dll and FTapp.mon. Viewing the properties sheet for FTapp.dll didn't reveal much, but opening FTapp.mon was my greatest cause for alarm. In it appears to be lots of websites I've visited recently.
SongSpy users cannot even contact SongSpy, either. Their support, in its entirety, is the FAQ, and the only way they have set up to be contacted (here) is at staff@songspy.com, and only for business proposals or if someone is from the media (hint hint).
Also, iMesh 3.0 was just released this week, and it contains something called FTPBack/FTP_back/FTP Back. Also stealth, it's installed automatically during iMesh 3.0 setup and without users' knowledge and is set to run at Windows startup using the Windows Registry's Run key...
Also, iMesh 3.0 was just released this week, and it contains something called FTPBack/FTP_back/FTP Back. Also stealth, it's installed automatically during iMesh 3.0 setup and without users' knowledge and is set to run at Windows startup using the Windows Registry's Run key...
-
Is this on topic?
As seen on Adequacy.org, News for Grown Ups.
The Linux operating system was born in 1991 and was created by one man, a
Finnish student coincidentally named Linux Torvalds. Since these humble
beginnings, a multi-million dollar
industry has sprung up to exploit the commercial potential of Linux, but
until recently Linux has eluded mainstream acceptance. However, due to the
recent economic downturn together with uncertainty over changes to Microsoft's pricing policy, Linux is
now being touted as a serious contender to Microsoft Windows. While there
are many other alternatives to Windows, including BSD which is based on SUN's (Stanford University Network - correction by bc) server-grade Solaris operating system,
none have commanded the same level of media attention as Linux.
Linux Mandrake is just the
latest in a long line of quirkily christened versions of Linux. Previous
versions of Linux have been named Red Hat, Slack Ware,
Storm and Coral. In stark contrast to the mundane names such
as 98, ME or NT preferred by Microsoft, the crazy
names of each Linux release hint at its renegade nature.
My foray into the world of Linux began by downloading a "CD image" from
the Linux web site. But don't worry, this isn't software piracy, it's
perfectly legal! Linux is shareware, meaning that it can be freely
redistributed without fear of a visit by the Business Software Alliance. The free
availability of Linux is a major reason for its popularity among
cash-strapped students and self-styled anti-capitalist hackers.
Before installing new software, it is always advisable to read the
documentation. Unfortunately, an unpleasant surprise was in store for me
in the "required configuration" section of the manual.
I was shocked to learn that Linux Mandrake only runs on Pentium
processors, meaning that my hopes of testing the water with my old Gateway 486 were dashed. Furthermore, a
whopping 32 megabytes of memory are required to run Linux! Although the advocates of Linux self-righteously
boast the efficiency of their chosen operating system and deride the
"bloatware" produced by Microsoft, it appears that their claims are
blatantly incorrect. Although my humble 486 will happily run Windows 95,
it seems that Linux requires far more powerful, and more expensive,
computer hardware. Is this really the sign of a lean, mean operating system?
Of course not.
Sadly, not even being able to install Linux is just the first of my many
complaints. A brief perusal of the
features of Linux Mandrake reveals that Linux is sorely lacking many
crucial productivity applications. For example, why isn't the industry
standard web browser, Internet Explorer, included with Linux? Despite the
best efforts of the experts at the Internet
Engineering Task Force to encourage adoption of the Internet Explorer
standard, the creators of Linux seem to think that they know better. By
refusing to adhere to recognised standards, Linux is simply undermining
its own credibility.
Similarly, almost all of the world's most popular and widely used software
is completely incompatible with Linux! It may surprise you to learn that
your copy of Microsoft Office, Outlook Express, or Lotus Notes will not
work under Linux. Those who wish to use their computer for recreational
purposes are also out of luck, for almost all of the most popular games
are unavailable for Linux. Although a wide range of software is freely
available for Linux, these pitiful offerings are mostly unfinished, unreliable and do not
bear comparison to their commercial counterparts.
Computer security is also an area that seems to have been overlooked by
the developers of Linux. In these times when hacking and viruses are
commonplace, it defies belief to learn that no anti-virus software is available for
Linux. To add insult to injury, there is no Linux version of the popular
ZoneAlarm firewall. By using Linux,
you are issuing an open invitation to the hordes of ne'er-do-wells on the
Internet.
The shortcomings of Linux are obvious. Without even installing Linux
Mandrake, I have exposed several fundamental flaws. Surely it is not too
much to expect that, after ten years of development, the creators of Linux
would have addressed these problems? The real question that the
prospective Linux user must ask himself is, "Why bother?" After all,
Microsoft Windows comes free with most PCs and there simply isn't a need
to replace it, particularly not with a product of inferior quality.
Although it is always tempting to support the underdog, Windows XP will
be the deserved victor in the battle ahead. I recommend that those
Adequacy readers who are hoping to upgrade their operating system
patiently wait for the release of Windows XP, rather than foolishly
wasting their time, effort and money on Linux.
-
Re:Not sure why this would only have a LOW risk...
Maybe you'd like to know how McAfee assess risk?
There are also more details available about AVERT Risk Assessment if you are really interested.
-- Pete.
-
Not a bad virus...
Most sensible organisations will already be blocking .pif files in mail - this virus is already known by McAfee as W32/Shoho@MM and they have detailed it as a LOW risk worm.
On another note, I hope Slashdot isn't going to run a story on every new virus that gets released...
-- Pete.
-
ADEQUACY GIVES THUMBS DOWN TO MANDRAKE!!#@$
As seen on Adequacy.org, News for Grown Ups.
The Linux operating system was born in 1991 and was created by one man, a Finnish student coincidentally named Linux Torvalds. Since these humble beginnings, a multi-million dollar industry has sprung up to exploit the commercial potential of Linux, but until recently Linux has eluded mainstream acceptance. However, due to the recent economic downturn together with uncertainty over changes to Microsoft's pricing policy, Linux is now being touted as a serious contender to Microsoft Windows. While there are many other alternatives to Windows, including BSD which is based on SUN's (Stanford University Network - correction by bc) server-grade Solaris operating system, none have commanded the same level of media attention as Linux.
Linux Mandrake is just the latest in a long line of quirkily christened versions of Linux. Previous versions of Linux have been named Red Hat, Slack Ware, Storm and Coral. In stark contrast to the mundane names such as 98, ME or NT preferred by Microsoft, the crazy names of each Linux release hint at its renegade nature.
My foray into the world of Linux began by downloading a "CD image" from the Linux web site. But don't worry, this isn't software piracy, it's perfectly legal! Linux is shareware, meaning that it can be freely redistributed without fear of a visit by the Business Software Alliance. The free availability of Linux is a major reason for its popularity among cash-strapped students and self-styled anti-capitalist hackers.
Before installing new software, it is always advisable to read the documentation. Unfortunately, an unpleasant surprise was in store for me in the "required configuration" section of the manual. I was shocked to learn that Linux Mandrake only runs on Pentium processors, meaning that my hopes of testing the water with my old Gateway 486 were dashed. Furthermore, a whopping 32 megabytes of memory are required to run Linux! Although the advocates of Linux self-righteously boast the efficiency of their chosen operating system and deride the "bloatware" produced by Microsoft, it appears that their claims are blatantly incorrect. Although my humble 486 will happily run Windows 95, it seems that Linux requires far more powerful, and more expensive, computer hardware. Is this really the sign of a lean, mean operating system? Of course not.
Sadly, not even being able to install Linux is just the first of my many complaints. A brief perusal of the features of Linux Mandrake reveals that Linux is sorely lacking many crucial productivity applications. For example, why isn't the industry standard web browser, Internet Explorer, included with Linux? Despite the best efforts of the experts at the Internet Engineering Task Force to encourage adoption of the Internet Explorer standard, the creators of Linux seem to think that they know better. By refusing to adhere to recognised standards, Linux is simply undermining its own credibility.
Similarly, almost all of the world's most popular and widely used software is completely incompatible with Linux! It may surprise you to learn that your copy of Microsoft Office, Outlook Express, or Lotus Notes will not work under Linux. Those who wish to use their computer for recreational purposes are also out of luck, for almost all of the most popular games are unavailable for Linux. Although a wide range of software is freely available for Linux, these pitiful offerings are mostly unfinished, unreliable and do not bear comparison to their commercial counterparts.
Computer security is also an area that seems to have been overlooked by the developers of Linux. In these times when hacking and viruses are commonplace, it defies belief to learn that no anti-virus software is available for Linux. To add insult to injury, there is no Linux version of the popular ZoneAlarm firewall. By using Linux, you are issuing an open invitation to the hordes of ne'er-do-wells on the Internet.
The shortcomings of Linux are obvious. Without even installing Linux Mandrake, I have exposed several fundamental flaws. Surely it is not too much to expect that, after ten years of development, the creators of Linux would have addressed these problems? The real question that the prospective Linux user must ask himself is, "Why bother?" After all, Microsoft Windows comes free with most PCs and there simply isn't a need to replace it, particularly not with a product of inferior quality.
Although it is always tempting to support the underdog, Windows XP will be the deserved victor in the battle ahead. I recommend that those Adequacy readers who are hoping to upgrade their operating system patiently wait for the release of Windows XP, rather than foolishly wasting their time, effort and money on Linux.
-
URL is wrong for antivirus info
I got one today and didn't get bit, I keep the Preview pane turned to OFF, Works well to keep those HTML email that register who is opening their mail so they can keep you on as an active victim. (err, client). Using simple precautions keeps away most virii.
Additionally, you can look and see what attachments are in a message in Outlook without reading the message.
In Outlook, right-click and select view attachment. It will display something like "gone.src"
BTW, the actual URL of McAfee's site is http://www.mcafee.com/anti-virus/
-
Re:Check McAAfffeeeeee link
Try this link here
http://www.mcafee.com/anti-virus/viruses/goner/default.asp?cid=2636
-
some correct information...
First off, the McAfee link in the story is broken. The real link is http://vil.mcafee.com/dispVirus.asp?virus_k=99272
Second, I don't know what "non-destructive" means in this context, because when something terminates processes (ZONEALARM.EXE, SAFEWEB.EXE, and VSHWIN32.EXE to name a few) and tries to delete all files in the directory containing the executable of the process, I call that destructive.
-
story is wrong
The story had a few errors:
- The McAfee link is here.
- It's 159 KB, not 159 bytes.
- It isn't non-destructive -- it's designed to remove many popular anti-virus products. See the McAfee article.
-
Here's McAfee's contact page
In case you want to shout at them about how you'll not buy any more of their products. Maybe if McAfee understands how stupid this is, they'll change their minds (hahaha, right).
http://www.mcafee.com/aboutus/contact_us.asp?
McAfee.com Corporate Headquarters
McAfee.com
535 Oakmead Parkway
Sunnyvale, CA 94085
USA
Telephone: (408) 992-8100
Fax: (408) 720-8450
-
mcafee
well known vulnerabilities? in other words, if you're doing something illegal - go buy a copy of virus scan, or just wipe your drive and install linux
-
Adequacy Reviews Mandrake
As seen on Adequacy.org, News for Grown Ups.
The Linux operating system was born in 1991 and was created by one man, a
Finnish student coincidentally named Linux Torvalds. Since these humble
beginnings, a multi-million dollar
industry has sprung up to exploit the commercial potential of Linux, but
until recently Linux has eluded mainstream acceptance. However, due to the
recent economic downturn together with uncertainty over changes to Microsoft's pricing policy, Linux is
now being touted as a serious contender to Microsoft Windows. While there
are many other alternatives to Windows, including BSD which is based on SUN's (Stanford University Network - correction by bc) server-grade Solaris operating system,
none have commanded the same level of media attention as Linux.
Linux Mandrake is just the
latest in a long line of quirkily christened versions of Linux. Previous
versions of Linux have been named Red Hat, Slack Ware,
Storm and Coral. In stark contrast to the mundane names such
as 98, ME or NT preferred by Microsoft, the crazy
names of each Linux release hint at its renegade nature.
My foray into the world of Linux began by downloading a "CD image" from
the Linux web site. But don't worry, this isn't software piracy, it's
perfectly legal! Linux is shareware, meaning that it can be freely
redistributed without fear of a visit by the Business Software Alliance. The free
availability of Linux is a major reason for its popularity among
cash-strapped students and self-styled anti-capitalist hackers.
Before installing new software, it is always advisable to read the
documentation. Unfortunately, an unpleasant surprise was in store for me
in the "required configuration" section of the manual.
I was shocked to learn that Linux Mandrake only runs on Pentium
processors, meaning that my hopes of testing the water with my old Gateway 486 were dashed. Furthermore, a
whopping 32 megabytes of memory are required to run Linux! Although the advocates of Linux self-righteously
boast the efficiency of their chosen operating system and deride the
"bloatware" produced by Microsoft, it appears that their claims are
blatantly incorrect. Although my humble 486 will happily run Windows 95,
it seems that Linux requires far more powerful, and more expensive,
computer hardware. Is this really the sign of a lean, mean operating system?
Of course not.
Sadly, not even being able to install Linux is just the first of my many
complaints. A brief perusal of the
features of Linux Mandrake reveals that Linux is sorely lacking many
crucial productivity applications. For example, why isn't the industry
standard web browser, Internet Explorer, included with Linux? Despite the
best efforts of the experts at the Internet
Engineering Task Force to encourage adoption of the Internet Explorer
standard, the creators of Linux seem to think that they know better. By
refusing to adhere to recognised standards, Linux is simply undermining
its own credibility.
Similarly, almost all of the world's most popular and widely used software
is completely incompatible with Linux! It may surprise you to learn that
your copy of Microsoft Office, Outlook Express, or Lotus Notes will not
work under Linux. Those who wish to use their computer for recreational
purposes are also out of luck, for almost all of the most popular games
are unavailable for Linux. Although a wide range of software is freely
available for Linux, these pitiful offerings are mostly unfinished, unreliable and do not
bear comparison to their commercial counterparts.
Computer security is also an area that seems to have been overlooked by
the developers of Linux. In these times when hacking and viruses are
commonplace, it defies belief to learn that no anti-virus software is available for
Linux. To add insult to injury, there is no Linux version of the popular
ZoneAlarm firewall. By using Linux,
you are issuing an open invitation to the hordes of ne'er-do-wells on the
Internet.
The shortcomings of Linux are obvious. Without even installing Linux
Mandrake, I have exposed several fundamental flaws. Surely it is not too
much to expect that, after ten years of development, the creators of Linux
would have addressed these problems? The real question that the
prospective Linux user must ask himself is, "Why bother?" After all,
Microsoft Windows comes free with most PCs and there simply isn't a need
to replace it, particularly not with a product of inferior quality.
Although it is always tempting to support the underdog, Windows XP will
be the deserved victor in the battle ahead. I recommend that those
Adequacy readers who are hoping to upgrade their operating system
patiently wait for the release of Windows XP, rather than foolishly
wasting their time, effort and money on Linux.
-
A Review of Mandrake 8.1
As seen on Adequacy.org, News for Grown Ups.
The Linux operating system was born in 1991 and was created by one man, a Finnish student coincidentally named Linux Torvalds. Since these humble beginnings, a multi-million dollar industry has sprung up to exploit the commercial potential of Linux, but until recently Linux has eluded mainstream acceptance. However, due to the recent economic downturn together with uncertainty over changes to Microsoft's pricing policy, Linux is now being touted as a serious contender to Microsoft Windows. While there are many other alternatives to Windows, including BSD which is based on SUN's (Stanford University Network - correction by bc) server-grade Solaris operating system, none have commanded the same level of media attention as Linux.
Linux Mandrake is just the latest in a long line of quirkily christened versions of Linux. Previous versions of Linux have been named Red Hat, Slack Ware, Storm and Coral. In stark contrast to the mundane names such as 98, ME or NT preferred by Microsoft, the crazy names of each Linux release hint at its renegade nature.
My foray into the world of Linux began by downloading a "CD image" from the Linux web site. But don't worry, this isn't software piracy, it's perfectly legal! Linux is shareware, meaning that it can be freely redistributed without fear of a visit by the Business Software Alliance. The free availability of Linux is a major reason for its popularity among cash-strapped students and self-styled anti-capitalist hackers.
Before installing new software, it is always advisable to read the documentation. Unfortunately, an unpleasant surprise was in store for me in the "required configuration" section of the manual. I was shocked to learn that Linux Mandrake only runs on Pentium processors, meaning that my hopes of testing the water with my old Gateway 486 were dashed. Furthermore, a whopping 32 megabytes of memory are required to run Linux! Although the advocates of Linux self-righteously boast the efficiency of their chosen operating system and deride the "bloatware" produced by Microsoft, it appears that their claims are blatantly incorrect. Although my humble 486 will happily run Windows 95, it seems that Linux requires far more powerful, and more expensive, computer hardware. Is this really the sign of a lean, mean operating system? Of course not.
Sadly, not even being able to install Linux is just the first of my many complaints. A brief perusal of the features of Linux Mandrake reveals that Linux is sorely lacking many crucial productivity applications. For example, why isn't the industry standard web browser, Internet Explorer, included with Linux? Despite the best efforts of the experts at the Internet Engineering Task Force to encourage adoption of the Internet Explorer standard, the creators of Linux seem to think that they know better. By refusing to adhere to recognised standards, Linux is simply undermining its own credibility.
Similarly, almost all of the world's most popular and widely used software is completely incompatible with Linux! It may surprise you to learn that your copy of Microsoft Office, Outlook Express, or Lotus Notes will not work under Linux. Those who wish to use their computer for recreational purposes are also out of luck, for almost all of the most popular games are unavailable for Linux. Although a wide range of software is freely available for Linux, these pitiful offerings are mostly unfinished, unreliable and do not bear comparison to their commercial counterparts.
Computer security is also an area that seems to have been overlooked by the developers of Linux. In these times when hacking and viruses are commonplace, it defies belief to learn that no anti-virus software is available for Linux. To add insult to injury, there is no Linux version of the popular ZoneAlarm firewall. By using Linux, you are issuing an open invitation to the hordes of ne'er-do-wells on the Internet.
The shortcomings of Linux are obvious. Without even installing Linux Mandrake, I have exposed several fundamental flaws. Surely it is not too much to expect that, after ten years of development, the creators of Linux would have addressed these problems? The real question that the prospective Linux user must ask himself is, "Why bother?" After all, Microsoft Windows comes free with most PCs and there simply isn't a need to replace it, particularly not with a product of inferior quality.
Although it is always tempting to support the underdog, Windows XP will be the deserved victor in the battle ahead. I recommend that those Adequacy readers who are hoping to upgrade their operating system patiently wait for the release of Windows XP, rather than foolishly wasting their time, effort and money on Linux.
-
Re:Microsoft Anthrax attacks
Is it a Worm, is it a Virus, does it use Outlook?
It's a Virus.
-
Re:A few things...
Don't use Norton. I have personally seen it cause so many problems, it isn't even worth the protection it offers.
The best AV software I have seen currently is McAfee. One possible solution with McAfee is to just register on the website, and you can run the virus scan right off their website.