OS/400 Alert: Virus Targets AIM
February 18, 2004 Shannon O'Donnell
Do you use the AOL Instant Messenger program to communicate with your friends and coworkers? If you do, you might become the recipient of a new virus that’s spread through the program. In this issue of “OS/400 Alert,” I’ll give you the lowdown on this sneaky new virus. I’ll also tell you about several other viruses and updates that you should be aware of.
AIM BECOMES TARGET OF SNEAKY VIRUS
If you use AOL Instant Messenger, you may become the target of new virus-like software attacking AIM users. I say virus-like because it is not truly a virus. Virus software is software that is installed on your computer, without your consent, and acts in a malicious or unwanted manner. This new software, by contrast, is something you must download yourself after agreeing to its terms of service.
The virus software arrives in an AIM message, seemingly from a friend on your buddy list, that contains a link to a new Osama bin Laden game. Since the message comes from someone you think you know, you may click the link and download the software. To make things worse, you actually have to agree to the rules of the virus software before you can download it. But since most people never read the legal mumbo jumbo when downloading software, you may not realize what kind of trouble you’ve gotten yourself into until the virus software has been downloaded and installed.
What can you do to protect yourself from viruses like this? First, never download anything until you read all of the requirements and agreements that come with the software. If you don’t like what it says, don’t download it. Second, don’t click any link sent from an AIM buddy unless you first verify that your buddy actually sent it. And, finally, always keep an up-to-date version of antivirus software, such as Norton Anti-Virus or McAfee Anti-Virus. Both of these packages will catch such viruses and prevent you from installing, running, and spreading them.
IBM’S RECOMMENDED FIX OF THE WEEK
A recommended fix is available this week for V5R2 Management Central.
There’s a recommended fix available for OS/400 Save and Restore.
There are recommended fixes available for BRMS.
There are recommended fixes available for AS/400 performance.
THIS WEEK’S NASTY WINDOWS WORRIES
W32.Welchia.C.Worm appears to be helping you, by downloading a couple of security patches from Microsoft. The worm then attempts to delete the MyDoom virus. What you don’t see happening is all the damage going on in the background.
VBS.Laske@mm is a mass-mailing virus that attempts to delete all content from drives A through P.
W32.Doomhunter is a worm that attempts to spread to machines infected with variants of W32.Mydoom@mm.
W32.HLLW.Deadhat.B is a variation of the W32.HLLW.Deadhat worm that gives hackers backdoor capability to your system. This virus spreads through the SoulSeek file-sharing program.
X97M.Esab is a simple macro virus that creates the 0Killbase.xls file in the Microsoft Excel startup folder. It infects other Excel workbooks when they are saved.
W32.HLLW.Doomjuice.B uses computers infected by W32.Mydoom.A@mm in order to spread. This worm also launches a denial-of-service attack on Microsoft’s Web site.
W32.Dumaru.AH@mm is a multi-threaded, mass-mailing worm that opens a backdoor, runs a keylogger, and attempts to steal personal information. The worm uses its own SMTP engine to spread to e-mail addresses it finds in the files on an infected system.
VBS.Bootconf.B is a Trojan horse that modifies Internet Explorer settings, redirects Web sites (such as Google, Yahoo, and MSN) to a different search page, and may pop up browser windows to a pornographic Web site.
W32.Kifer is a Trojan horse that drops BAT.Snoital@mm, which will attempt to delete antivirus software from your computer. It also spreads through MAPI-enabled e-mail clients, such as Microsoft Outlook, and IRC.
PTF’S AND FIXES FOR OS/400 AND RELATED PROGRAMS
The latest cumulative package for V5R2 customers was released on January 21.
The latest HIPER package was released on January 20.
The Database Group PTF was updated on January 26.