Please add the following URL to your favorites and visit it regularly to find out about the latest virus threats.

http://securityresponse.symantec.com/

11/18/2003
PayPal Variant of Mimail

A new paypal imposter Mimail variant, W32/Mimail.J-mm, is spreading at high rate. It arrives with the subject "IMPORTANT" and an attachment called InfoUpdate.exe or "www.paypal.com.pif
It uses a forged or spoofed sender's address, so the return address does not indicate the true identity of the sender.

The worm spreads by emailing copies of itself to email addresses harvested from the infected computer.

When launched, it displays a bogus PayPal credit card verification window.  The information entered into this window is then saved in a file named "ppinfo.sys", and then sent to a remote server.

As always, please update your virus definitions!!!  For more information, please visit the Symantec Security Response page listed above.

 

11/7/2003
W32.Mimail

Several variants of this virus are currently spreading.  It is highly recommended that you update your virus definitions.  It is also recommended that you visit the following link to download the removal tool

To download the removal tool, click here.

 

9/23/2003
Update Hoax

There have been several well-known worms that appeared as support messages from Microsoft, the most famous and successful of which was SoBig.B. They were all simple text messages though. The newest attack, known as Swen or Gibe, is much more professional looking.  It is well-formatted, uses real graphics from Microsoft and has a lot of attention to detail.

It also has an executable attachment, which the message tries to pass off as a security patch. This is something Microsoft never does. If you ever get an executable attached to a message from a vendor you can take it as a strong sign that the message is not what it appears to be. The message was also not digitally signed, which all real security messages from Microsoft are supposed to be. Microsoft has violated this policy themselves on occasion, but it's still a good reason to raise your suspicions.



9/19/2003
W32.Swen.A@mm

W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.

The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.

As always, we recommend updating your virus definitions!!!  To learn more about the latest threat, click here.

9/10/2003
Update for MBlaster patch released from Microsoft

Microsoft has released an updated patch for the vulnerabilities recently exploited by the W32.Blaster Worm (see below).  In order to make sure your system is up to date, please visit the following link:

http://www.microsoft.com/security/security_bulletins/ms03-039.asp

 

W32.Welchia.Worm:  

We have been swamped with complaints about this one.  It appears that it is virus season!!!  Please click here to obtain the Symantec Removal Tool.

We strongly advise all customers to ensure that your anti-virus software is up-to-date.  If you are not running anti-virus software, we strongly encourage you to do so.  The MultiPro Network offers a Postini Virus filtering service for e-mail.  Please don't confuse this service for complete virus protection.  Postini will stop 99% of viruses that are spread through e-mail.  But, the last few nasty viruses have been delivered directly over the Internet and not through e-mail.

We highly recommend Norton's Anti-Virus package.  We also recommend Macafee's anti-virus package.  Either package can be purchased at Staples, Office Max, Wal-Mart or your local computer store.  We also recommend AVG.  You can download a free edition of AVG for personal use only here:

http://www.grisoft.com/us/us_dwnl_free.php

Don't' forget to update your virus definitions!!!

 

SoBIG:  (All current versions of Microsoft Windows, 95, 98, ME, NT, 2000, and XP)

The SoBIG virus is making its way around again.  This virus typically is passed through e-mail.  Please update your virus definitions as soon as possible.  Symantec (makers of Norton Anti-Virus) have a removal tool that can be downloaded by clicking here.  
For more info on SoBIG, click here.

 

MBLASTER:

Many users of Windows 2000 and Windows XP have suffered infection from the W32.Blaster.Worm.  If your computer runs Windows 2000 or Windows XP, you may be vulnerable to this worm.  If you receive unexpected messages about your system being shut down, or General Remote Procedure Call error, your system may be infected.

Info about the Virus

Download the Symantec Removal Tool
(To start the installation immediately, click Open or 
Run this program from its current location
.)

Microsoft Patches for Windows 2000 

Microsoft Patches for Windows XP

Actions Taken by The MultiPro Network

It is the policy of The MultiPro Network to provide direct, unfiltered access to the Internet.  However, we have taken the following precautionary measures:

The MultiPro Network is temporarily blocking the ports used by this exploit in order to protect our customers.  However, these ports are sometimes used for legitimate Internet communications, and the port restrictions will be removed on Monday, August 25, 2003.  This port blocking will have NO effect on 99% of our customers.  Customers using TFTP applications, and RPC applications may be effected.

We STRONGLY urge all customers using Windows 2000 or Windows XP to run the fix tools above and update your system with the appropriate Microsoft patches.

For all the Geeks (like us):

The ports being blocked are

* 69/UDP
* 135/TCP
* 135/UDP
* 139/TCP
* 139/UDP
* 445/TCP
* 445/UDP
* 4444/TCP