the Gurus Online http://www.eznuke.com/gurusonline GurusOnline en-us Christmas Viruses http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=12 Panda Software's weekly report on viruses and intruders -
   Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, December 23 2005 - This week's report looks at two Trojans
-MerryX.A and Mitglieder.GO-, and two worms -Dasher.A and Dasher.B-.

MerryX.A is a Trojan sent in an email with the following characteristics
relating to Christmas:

Subject: MERRY CHRISTMAS!

Message text: Merry Christmas and a Happy New Year!

Attachments: A_LIGHTSMC10.GIF, a picture of colored lights with the
words "Merry Christmas"; and MERRY CHRISTMAS!.RAR, a self-extractable
file containing two other files: SQLServer.exe, a copy of the Trojan,
and MERRY CHRISTMAS!.SWF, a Flash animation showing Father Christmas
leaving presents by a tree.

MerryX.A takes a series of actions on the computers it infects
including:

- It logs the keystrokes typed by the user. This can be used to capture
passwords or other kind of sensitive information, thus posing a threat
to the user's privacy. Then, it connects to a remote server, to which it
sends the information gathered.

- It attempts to download files from different websites. These can be
any type of file, including malware.

The second Tojan we're looking at today is Mitglieder.GO, which has been
sent massively via email by the Bagle.FX worm, in a message containing a
ZIP file.

Mitglieder.GO is a Trojan that connects every four hours to a random URL
selected from a list of websites included in its code in order to
download and run a file. This file can be of any nature, including
malware. When it is run this Trojan displays a Windows image.

We end today's report with Dasher.A and Dasher.B, two worms that spread
across the Internet. They spread in a self-extractable RAR file that
search for IP addresses of computers with Windows 2003/XP/2000 affected
by the critical vulnerabilities reported by Microsoft in bulletin
MS05-051. The self-extractable RAR file is installed on vulnerable
computers in which Dasher.A and Dasher.B manage to exploit these
security problems.

If your computer has Windows 2003/XP/2000, it is advisable to download
and install the updates that resolve these vulnerabilities. More
information is available in Microsoft bulletin MS05-051.

More information about these and other threats is available from Panda
software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If
this happens, just use the 'cut' and 'paste' options to join the pieces
of the URL.


------------------------------------------------------------
To unsubscribe from Virus Alerts, please visit:
http://www.pandasoftware.com/unsubscribe.asp

To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
",0] ); //--> contains and installs other files that open port 1025. These files
search for IP addresses of computers with Windows 2003/XP/2000 affected
by the critical vulnerabilities reported by Microsoft in bulletin
MS05-051. The self-extractable RAR file is installed on vulnerable
computers in which Dasher.A and Dasher.B manage to exploit these
security problems.

If your computer has Windows 2003/XP/2000, it is advisable to download
and install the updates that resolve these vulnerabilities. More
information is available in Microsoft bulletin MS05-051.

More information about these and other threats is available from Panda
software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If
this happens, just use the 'cut' and 'paste' options to join the pieces
of the URL.
 New Virus steals Spanish bank info http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=11 Orange Alert:Panda Software reports new Trojan that could steal
       online banking passwords of thousands of Spanish-speaking users

               Virus Alerts, by Panda Software
(http://www.pandasoftware.com)

A new Trojan, Nabload.U, which is distributing itself through Messenger,
has appeared a few hours ago. This Trojan downloads another Trojan,
called Banker.bsx, which is currently the number one detected piece of
malware from Panda's ActiveScan. Its objective is to obtain the
passwords of certain banks that it has stored in its code primarily from
Spanish-speaking users.

The most unusual aspect of this Trojan is its ability to capture  the
information without the use of a traditional key logger. The user will
be unaware that this is occurring. Banks that use virtual keyboards to
avoid keyloggers won't be protected from this Trojan.

Once the author has the keys, he can commit banking fraud with the
accounts.

According to Luis Corrons, PandaLabs director: "This Trojan is an
example of a hybrid virus that mixes different techniques. Once the user
clicks on the URL, it is able to download a Trojan and use techniques
similar to some spyware and phishing attacks. It is, without a doubt, a
Trojan designed to steal data quickly, and  without leaving any tracks."


Nabload.U uses social engineering techniques to get the user to click on
the URL provided. The sentence is in Spanish: "ve esa vaina
http://hometown.%eliminado%.au/miralafoto/foto.exe." It is disguised as
a personal contact. When the user clicks on this URL, another Trojan,
http://hometown.%eliminado%.au/arqarq/coco2006.jpg and
http://hometown.%eliminado%.au/modnatal/coco2006.jpg that downloads a
configuration file. In this file, you can find - as well as other
information- the e-mail address where the stolen data will be sent.


This Trojan opens up port 1106 on the computer and stays active. So,
when the user tries to access  one of the online bank addresses shown
bellow, the Trojan will be able to capture what the user is doing on the
screen, including the login and password typed by virtual keyboards to
access the bank account. This Trojan only captures the information from
the addresses below:

https://secure2.venezolano.com/
https://e-bdvcp.banvenez.com
https://www.ibprovivienda.com.ve/personas/
https://banco.micasaeap.com/individualmc/
https://olb.todo1.com/servlet/msfv/
https://www.banesco.com",1] ); //--> Banker.BSX, is downloaded. It also offers two others URLs_
http://hometown.%eliminado%.au/arqarq/coco2006.jpg and
http://hometown.%eliminado%.au/modnatal/coco2006.jpg that downloads a
configuration file. In this file, you can find - as well as other
information- the e-mail address where the stolen data will be sent.


This Trojan opens up port 1106 on the computer and stays active. So,
when the user tries to access  one of the online bank addresses shown
bellow, the Trojan will be able to capture what the user is doing on the
screen, including the login and password typed by virtual keyboards to
access the bank account. This Trojan only captures the information from
the addresses below:

https://secure2.venezolano.com/
https://e-bdvcp.banvenez.com
https://www.ibprovivienda.com.ve/personas/
https://banco.micasaeap.com/individualmc/
https://olb.todo1.com/servlet/msfv/
https://www.banesco.com .htm
https://www.banesconline.com
https://www.provinet.net/shtml/
https://bod.bodmillenium.com
https://www.corp-line.com.ve/personas/

Once the Trojan has captured the information, it sends this data to an
e-mail address. The author can change this e-mail address as desired.

To help as many users as possible scan and disinfect their systems,
Panda Software offers its free, online anti-malware solution, Panda
ActiveScan, which now also detects spyware, at
http://www.activescan.com. Webmasters who would like to include
ActiveScan on their websites can get the HTML code, free from
http://www.pandasoftware.com/partners/webmasters.

TruPreventTM detection technologies detect and eliminate Banker.BSX with
no need for previous updates, so computers with these technologies have
been protected from the moment the Trojan Horse appeared.

For further information about Nabload.U and Banker.BSX, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

------------------------------",1] ); //--> /servicios_electronicos_pag.htm
https://www.banesconline.com
https://www.provinet.net/shtml/
https://bod.bodmillenium.com
https://www.corp-line.com.ve/personas/

Once the Trojan has captured the information, it sends this data to an
e-mail address. The author can change this e-mail address as desired.

To help as many users as possible scan and disinfect their systems,
Panda Software offers its free, online anti-malware solution, Panda
ActiveScan, which now also detects spyware, at
http://www.activescan.com. Webmasters who would like to include
ActiveScan on their websites can get the HTML code, free from
http://www.pandasoftware.com/partners/webmasters.

TruPreventTM detection technologies detect and eliminate Banker.BSX with
no need for previous updates, so computers with these technologies have
been protected from the moment the Trojan Horse appeared.

For further information about Nabload.U and Banker.BSX, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

 Post-holiday posting http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=10 Now that the holidays are pretty much over, the Gurus will be online more often. Just like you, we have families, and have enjoyed some time with them, but now it's time for us to get back to work! Internet Safety Guidelines for Kids http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=9 From SafeKids.com -


Kids' Rules for Online Safety

1. I will not give out personal information such as my address, telephone number, parents’ work address/telephone number, or the name and location of my school without my parents’ permission.

2. I will tell my parents right away if I come across any information that makes me feel uncomfortable.

3. I will never agree to get together with someone I "meet" online without first checking with my parents. If my parents agree to the meeting, I will be sure that it is in a public place and bring my mother or father along.

4. I will never send a person my picture or anything else without first checking with my parents.

5. I will not respond to any messages that are mean or in any way make me feel uncomfortable. It is not my fault if I get a message like that. If I do I will tell my parents right away so that they can contact the service provider.

6. I will talk with my parents so that we can set up rules for going online. We will decide upon the time of day that I can be online, the length of time I can be online and appropriate areas for me to visit. I will not access other areas or break these rules without their permission.

7. I will not give out my Internet password to anyone (even my best friends) other than my parents.

8. I will check with my parents before downloading or installing software or doing anything that could possibly hurt our computer or jeopardize my family’s privacy

9. I will be a good online citizen and not do anything that hurts other people or is against the law.

10. I will help my parents understand how to have fun and learn things online and teach them things about the Internet, computers and other technology.


Rules one through six are adapted from the brochure Child Safety on the Information Highway by SafeKids.Com founder Larry Magid. (© 2004 National Center for Missing and Exploited Children). Rules 7 through 10 are copyrighted by Larry Magid (© 2005)
Sober.AH world's most detected virus http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=8 From Panda Software:

Madrid, November 22 2005 - The Sober.AH worm, detected just a few hours ago by PandaLabs, is now the most frequently detected virus worldwide, according to data collected by the Panda ActiveScan online antivirus solution.

As was expected, and given the fact that this worm sends itself in email messages in English or German depending on the recipient's address, the United States and Germany have been, until now, the countries most affected by Sober.AH. However, according to data from PandaLabs, incidents have been recorded all around the world.
 FBI reports E-Mail Scam, Worm http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=7 From Techtree.com:

The Federal Bureau of Investigation (FBI) has issued a press note warning the public to avoid falling victim to an on-going mass e-mail scheme, wherein computer users received unsolicited e-mails supposedly sent by the FBI.

These scam e-mails tell the recipients that their Internet use has been monitored by the agency, and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions.

Latest Gurus Members http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=6 Please welcome Gurus Online Alkazar and Gurus Online Dave to the ranks of the Gurus Online! New Downloads http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=5 We have added a number of new programs to our downloads section. Our featured program is All In One Secretmaker, an awesome program that provides all kinds of internet utilities, such as popup and spam blocker, email scanner, intruder protection and more.
 Guidelines of the Gurus Online http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=4
As a member of the Gurus Online, there are certain guidelines and standards we ask you to keep in mind in order to uphold and maintain our reputation in the rooms.

1. Remember that we function as helpers and chat ambassadors. As such, we are not to allow ourselves to be drawn into room drama.

2. Always be courteous and helpful. Offer assistance wherever possible.

3. No member of the Gurus Online is to engage in booting or hacking, or to assist others in doing so by providing information, tools or programs.

4. While on your Gurus Online name, you are to remain AVAILABLE status at all times.

5. It is fine to advertise the Gurus Online, but do so sparingly. Unless requested by a chatter, limit posting of the website to twice per hour in any room.

6. Recruiting is fine as well, as long as guideline #5 is adhered to.
 How Do I Become a Guru? http://www.eznuke.com/gurusonline/modules.php?name=News&file=article&sid=3
So you have seen us in action, and have decided you want to become a member. But how do you get started? This article discusses the screening process and qualifications required to become a member of the Gurus Online.

SCREENING PROCESS

We are extremely selective of our members. Not everyone is cut out to be a Guru. So we have established a screening process to ensure we get the cream of the crop.

In most cases, we will not consider a candidate until they have been in Yahoo chat for at least 6 months. Occasionally we may make an exception, if we find someone with a great deal of knowledge that has less than 6 months in chat.

Candidates will have at least one specific area of expertise;i.e.: Chat, Web Design, Software, Hardware Troubleshooting and the like.

Candidates must be referred by a member in good standing.

For the first two weeks, a probationary member may be observed by a member of the Gurus Online to offer support and to ensure guidelines are followed.

GROUP GUIDELINES

You must be willing to spend at least 4 hours per week online in your Gurus Online name. While in your Gurus name, you will be on AVAILABLE status. An invisible Guru cannot help.

Gurus Online members will uphold the spirit of the group, and avoid confrontation at all costs. We act as peacekeepers and helpers, we do not add to the problem by escalating it.

At all times, members must be alert and aware of the room, and be willing to offer assistance. If a question or problem is outside your area of expertise, contact another member. If there are no members online, get as much info as you can, refer the person with the problem to our forums, and follow up with them once an answer is found.

At no time is it appropriate for a member of the Gurus Online to engage in booting or hacking. This is grounds for immediate dismissal from the group.

If you have an issue with a person or group in chat, ignore them and report the problem to Gurus Online Leader.