Flea bugs Windows users

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

A new virus called Flea is on the loose. The Visual Basic Script worm disguises itself as the ‘signature file’ in HTML-formatted mail.

Flea can execute automatically when users open HTML formatted emails in Microsoft Outlook or Outlook Express. Unlike most Windows nasties, the bug does not depend on a user opening an infectious file to do its mischief, Finnish AV vendor F-Secure warns.

When an infected HTML email is rendered a webpage is loaded. This page contains JavaScript which in turn loads another webpage containing the VB Script which drops a file (C***.HTM) in the Windows folder

rest of story

F-secure Advisory

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Interesting. I tried looking for this at http://www.sarc.com since I use Norton Anti-Virus, but I couldn't find any "flea" reference on their site. Obviously, this is of concern to me.

 

Here's another reference at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_FORTNIGHT.M

 

I just got to work and found a virus alert e-mail from avertlabs/mcafee on this worm. It's rated low profile because of media attention (I must have missed the attention so far). Discovered on the 21st. I went to a security site http://www.securelyspeaking.com and they hadn't heard of it either.

 

It's still early days yet.......But it does make you wonder how good these so called security web site ACTUALLY are, if anyone should know first, they should.

 

Well, the worm references a server in Spain and it's first noticed by a finnish anti-virus outfit and the register in the uk. Maybe it took a day or so to come to the attention of the folks on my side of "the pond". Just a thought.

 

It all just highlights the fact that your av solution is only as good as its most recent update and when asked which one is best the answer is always going to be different from one minute to the next because it's always going to be the provider who is quickest with a definition for the latest threat

 

Cheers for the nod, Phil - more to look out for

Just as an aside, I was doing a full clean install of Server on my main box earlier this week. I got everything loaded up (inc. ZoneAlarm and Grisoft AVG6) before I even went near the net. In the time it took me to connect to the AVG Update site and bring down the latest definitions, guess who sneaked in ? Our old "friend" Naachi

Fortunately, ZoneAlarm caught it trying to get back out, but I just cannot believe some folks go without any form of security these days - then they come running to us when the worst does happen

 

Whenever we set up a machine here, we log onto the anti virus server we have, load the client software and run a full scan. The machines I've worked on so far have been clean but I've heard that machines that new can still have viruses found on them.