Hi Polonus,
Yes, Sober was pretty dominant here - and still is nasty.
But yesterday I got a new warning from the 'Waarschuwingsdienst' (warning service of the government):
WORM_MYTOB
Variant : Worm.Mytob.CG, Worm/Mytob.EA, Win32/Mytob.CZ,
W32/Mytob.gen@MM, Net-Worm.Win32.Mytob.bb,
Win32.Mytob.DM
Subject line of email:
- *DETECTED* Online User Violation
- *IMPORTANT* Please Validate Your Email Account
- *IMPORTANT* Your Account Has Been Locked
- *WARNING* Your Email Account Will Be Closed
- Account Alert
- Email Account Suspension
- Important Notification
- Notice of account limitation
- Notice: Last Warning
- Notice: Your email account will be suspended
- Security measures
- Your email account access is restricted
- Your Email Account is Suspended For Security Reasons
Content of email:
- Once you have completed the form in the attached file , your
account records will not be interrupted and will continue as
normal.
- Please look at attached document.
- Please read the attached document and follow it's
instructions.
- Please see the attachement.
- The original message has been included as an attachment.
- To safeguard your email account from possible termination,
please see the attached file.
- To unblock your email account acces, please see the
attachement.
- We attached some important information regarding your
account.
- We have suspended some of your email services, to
resolve the problem you should read the attached
document.
- We regret to inform you that your account has been
suspended due to the violation of our site policy, more
info is attached.
Attachment file name:
- account-details
- document
- document_full
- email-doc
- email-info
- info
- information
- info-text
- instructions
- your_details
Extension:
- EXE
- PIF
- SCR
- ZIP
In the private sector in Holland the situation may be worse than in the U.S.A.: many more second-hand and not-updated computers. The networks are infested with all kinds of viruses and trojans, some of them very outdated and easily blocked. When I connect to the cable network, I'm always greeted by "DCOM-Exploit blocked". Then various port scans are tried and the firewall pop-ups appear about every 15 minutes.
In my opinion, the Microsoft initiative to integrate the browser (in fact the LAN) with the kernel might give better protection. Their .NET is also closely connected with the kernel. The explanation that it harms the competition does not convince me. However, better protection is not full protection.
The fact that the Sober virus distributed this kind of message, which is thus, as a virus, associated with much damage, may be coincidence or intentional. Many viruses and trojans are quite sophisticated and must originate from real specialists who know exactly the weak spots and how to exploit them. It takes many years of hard labour to become so familiar with the Windows operating system and assembler.
It is undoubtedly much safer to use only RTF in emails. But what about the browser, for the internet is based on a universal binary code? ActiveX is an almost general means of control. It has been modified now, in a restricted sense. The .NET system would be more secure. Just like Java it comes with a large library, but as usual with MS most of it is encrypted. Whether .NET and the associated C# programming language are really a breakthrough in terms of security? Rather, it is just an improvement.
At this moment my MSTask engine is being contacted and blocked from using port 1025: Listener, Remote File Sharing! A known IP from a Taiwanese network. Business as usual.
Kind regards,
Nicolas.
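The subject lines, attachment names and extensions in the bulletin quoted above are exactly what a mail gateway would match on. The following is an added example, not code from the original post or from the 'Waarschuwingsdienst': it parses a message with Python's standard `email` module, checks the subject and each attachment's base name and extension against the quoted indicator lists, and returns a verdict. The three sample messages are constructed inline (not real captures), and the block/quarantine thresholds and the broader `EXECUTABLE_EXTENSIONS` set are this example's own assumptions.

```python
"""Mail-gateway heuristic for the Mytob lure described in the post above.

Added example, not code from the original post or from the bulletin. The
indicator sets are copied from the bulletin as quoted; the messages the
filter is run against are constructed here for illustration, and the
verdict thresholds are assumptions of this example.
"""
import email
from email import policy
from email.message import EmailMessage

# Subject lines, attachment base names and extensions quoted in the warning.
MYTOB_SUBJECTS = {
    "*detected* online user violation",
    "*important* please validate your email account",
    "*important* your account has been locked",
    "*warning* your email account will be closed",
    "account alert",
    "email account suspension",
    "important notification",
    "notice of account limitation",
    "notice: last warning",
    "notice: your email account will be suspended",
    "security measures",
    "your email account access is restricted",
    "your email account is suspended for security reasons",
}
MYTOB_ATTACHMENT_NAMES = {
    "account-details", "document", "document_full", "email-doc", "email-info",
    "info", "information", "info-text", "instructions", "your_details",
}
MYTOB_EXTENSIONS = {"exe", "pif", "scr", "zip"}
# Extensions Windows runs directly whatever the file is called
# (an assumption of this example, broader than the bulletin's list).
EXECUTABLE_EXTENSIONS = {"exe", "pif", "scr", "com", "bat", "cmd"}


def split_name(filename):
    """Lower-cased (base, extension); 'Info.TXT.exe' -> ('info.txt', 'exe')."""
    name = filename.strip().lower()
    if "." not in name:
        return name, ""
    base, ext = name.rsplit(".", 1)
    return base, ext


def classify(raw_message):
    """Return (verdict, reasons) for one RFC 822 message given as bytes.

    Verdicts (assumed policy for this example):
      'block'      - lure subject AND lure attachment name/extension
      'quarantine' - lure attachment, or any directly executable attachment
      'allow'      - otherwise; a lure subject alone is only recorded, since
                     'Important Notification' is also an ordinary subject
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    subject = str(msg["subject"] or "").strip().lower()
    subject_hit = subject in MYTOB_SUBJECTS
    if subject_hit:
        reasons.append(f"subject matches Mytob lure: {subject!r}")

    lure_attachment = executable_attachment = False
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        base, ext = split_name(filename)
        if base in MYTOB_ATTACHMENT_NAMES and ext in MYTOB_EXTENSIONS:
            lure_attachment = True
            reasons.append(f"attachment matches Mytob lure: {filename!r}")
        elif ext in EXECUTABLE_EXTENSIONS:
            executable_attachment = True
            reasons.append(f"directly executable attachment: {filename!r}")

    if subject_hit and lure_attachment:
        return "block", reasons
    if lure_attachment or executable_attachment:
        return "quarantine", reasons
    return "allow", reasons


def build_sample(subject, filename, payload=b"MZ\x90\x00"):
    """Construct a test message (not a real capture) with one attachment."""
    msg = EmailMessage()
    msg["From"] = "support@example.com"
    msg["To"] = "user@example.net"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples: one Mytob-style lure, one stray executable, one benign.
SAMPLES = {
    "lure": build_sample("*IMPORTANT* Your Account Has Been Locked",
                         "account-details.zip"),
    "stray_exe": build_sample("Q3 figures", "report.exe"),
    "benign": build_sample("Q3 figures", "report.pdf", b"%PDF-1.4"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, reasons = classify(raw)
        print(f"{name:10} {verdict:10} {'; '.join(reasons)}")
```

Matching is case-insensitive on both the subject and the filename, and the extension is taken from the last dot so that a double extension such as `info.txt.exe` is still caught; the ZIP case is matched on name and extension only, since this example does not open archives to inspect what they carry.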