Gizmos Freeware Reviews  

10. Sep 2010, 02:34 PM   #1
MidnightCowboy (Site Manager)
New Worm Variant in Circulation

This one exploits anyone clicking on a link in a booby trapped email. It also seeks to take advantage of the Windows autorun feature and disable your security software to remain undetected.

http://www.bbc.co.uk/news/technology-11258795
__________________
Knows nothing and cares even less
10. Sep 2010, 05:57 PM   #2
garth (Senior Member)

Thanks for the heads up MC. Who'd open mail like that anyway?
On a related matter, it says the thing can be spread via flashdrive. This has set me wondering how vulnerable my machine is since I use it for work. Through my work I encounter people who, despite my best efforts to steer them toward safe browsing habits, remain indifferent to their personal internet security. Every time I have to plug one of their drives into my machine or mine into theirs I shudder and wonder if there is something specifically designed to secure my machine against this type of attack or if I have it covered with my existing setup: Avast, Immunet, ThreatFire, PF7.
Is it possible to configure the thing so flashdrive contents are automatically sandboxed (with Sandboxie) when they are inserted?
Apologies if I should have started a thread for this but it seemed relevant. I'd be grateful for advice on this.
10. Sep 2010, 07:04 PM   #3
MidnightCowboy (Site Manager)

Quote (originally posted by garth):
"Thanks for the heads up MC. Who'd open mail like that anyway?"

Thousands, every day

I think the simplest answer to your other issue is Panda Vaccine which is easy to use and removes the need to mess around with your autorun settings manually.

http://www.pandasecurity.com/homeuse...ds/usbvaccine/

You still need to take care with what may be on the drive but you can always scan these first with Malwarebytes, HitmanPro or your resident Avast! At least with Panda Vaccine installed nothing bad can auto-execute when the drive is inserted.
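A check in the spirit of the scan-the-drive-first advice above, as an added example that is not part of any post in this thread: it reads the text of a drive's autorun.inf and lists the entries that would start a program. The function name and the sample file contents are constructed for illustration.

```python
# Added example: list the autorun.inf entries that would start a program.
# The key names (open, shellexecute, shell\<verb>\command) are the standard
# [autorun] commands; the sample file contents below are constructed.

LAUNCH_KEYS = ("open", "shellexecute")


def launch_directives(text):
    """Return (key, command) pairs from the [autorun] section that run something."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue                              # junk padding or another section
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a right-click menu entry that runs a command
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_shell_cmd):
            findings.append((key, value))
    return findings


SAMPLE_SUSPICIOUS = """\
; constructed sample, not taken from a real drive
[AutoRun]
open=setup.exe
Icon=folder.ico
shell\\open\\Command=setup.exe
action=Open folder to view files
"""

SAMPLE_LABEL_ONLY = """\
[autorun]
icon=drive.ico
label=Work files
"""

if __name__ == "__main__":
    for name, text in (("suspicious", SAMPLE_SUSPICIOUS), ("label only", SAMPLE_LABEL_ONLY)):
        print(name, launch_directives(text))
```

An empty result only means the file names no program to start; the files on the drive still need scanning before they are opened.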
10. Sep 2010, 08:01 PM   #4
garth (Senior Member)

Ok thanks MC
I'll get that installed asap. I have MBAM and SAS so not a prob there. Never actually tried HitmanPro but occasionally I do like to use the machine for something other than running malware scans and fueling paranoia.
If I ever do try it, it'll be to swap out one of the others.
11. Sep 2010, 07:25 AM   #5
bo.elam (Senior Member)

Quote (originally posted by garth):
"Is it possible to configure the thing so flashdrive contents are automatically sandboxed (with Sandboxie) when they are inserted?"

On the registered version you can force the drive to open sandboxed by adding the letter of the drive to forced folders settings, so it automatically opens sandboxed.

Bo
11. Sep 2010, 07:32 AM   #6
bo.elam (Senior Member)

Quote (originally posted by MidnightCowboy):
"This one exploits anyone clicking on a link in a booby trapped email. It also seeks to take advantage of the Windows autorun feature and disable your security software to remain undetected.

http://www.bbc.co.uk/news/technology-11258795"

I use Outlook Express and have not used an anti virus to scan my mail for the last couple of years. I managed to do so but this is the type of dangers that I have to be extra careful, I think.
Thanks MC

Bo
11. Sep 2010, 09:23 AM   #7
syntax_error (Full Member)

Thanks for the link MC. I guess Panda is doing this as their Cloud anti virus is not so good if you lose the internet connection.

Have to wonder why other anti virus companies or MS do not offer this. Seems, in hindsight, like such an obvious thing to do.

If I run the panda security vaccine, do you know if it's reversible?
11. Sep 2010, 09:57 AM   #8
MidnightCowboy (Site Manager)

Quote (originally posted by syntax_error):
"If I run the panda security vaccine, do you know if it's reversible?"

To my knowledge it can't, except with a format.
11. Sep 2010, 10:43 AM   #9
garth (Senior Member)

Quote (originally posted by bo.elam):
"On the registered version you can force the drive to open sandboxed by adding the letter of the drive to forced folders settings, so it automatically opens sandboxed.

Bo"

Thanks bo that's useful to know. When you say registered do you mean paid? I've been thinking about upgrading Sandboxie anyway so MC's post on this worm variant is a timely reminder. Think I'll do that today

g
11. Sep 2010, 03:07 PM   #10
bo.elam (Senior Member)

Quote (originally posted by garth):
"Thanks bo that's useful to know. When you say registered do you mean paid? I've been thinking about upgrading Sandboxie anyway so MC's post on this worm variant is a timely reminder. Think I'll do that today

g"

You're welcome garth, take a look at forced folders settings, here:
http://www.sandboxie.com/index.php?ProgramStartSettings

Bo