The number of P2P worms (Kazaa, Donkey, Grokster, whatever) has been increasing lately, and in the last couple of weeks they have been spreading at a magnitude higher than we could have imagined here in the BOClean lab. In just the past 3 days, we've covered 18 completely new "wrigglers" that are, as this is typed, undetected by any of the known antiviruses. I expect they will be soon, but at the moment, they are not. These are part of the 28 nasties added to BOClean's detection database today alone. We see no reason to think that this level of new malware releases is going to subside anytime soon.
Given the magnitude of these releases, and the sheer number of them with each passing day, precautions are recommended in general ... thus, we'd like to offer some suggestions in order to protect you, because however quickly we spot them, they've already been out for HOURS, and avid users of P2P downloads are at risk unless they follow a few simple rules for this current reality.
When you look over a file directory to see if there are neat games, cracks, or "full versions" of commercial software, AVOID the instinct to download it and run it *NOW* ... if you're into pirating software, WAIT a week or two before you run it ... put it aside and WAIT. Chances are BOClean will have these nasties covered sooner than most others, but since no one knows what's in those files for certain, hang on for a week or so just to be sure.
When downloading "PORN VIEWERS" or other sideshows, the same rule applies ... if you're going to download it, PUT IT ASIDE. Sadly, MANY of these "treats" are TROJANS. Their first order of business: your passwords. Many of them also set up rogue porno sites on YOUR machine. Or worse, spamhauses that will result in a call from your ISP. We went into this back in September:
www.nsclean.com/nws-spam.html
P2P users are the LATEST target of the "ne'er-do-wells" since the pervasive argument is "music and software thieves are larcenous, so we can get them and who are they gonna call?" ... while most folks on P2P are honest, innocent people, and in CANADA downloading music is OK as long as you don't UPLOAD any (unless you're a musician doing your own stuff), you're at GREAT risk. The professional quality of some of the trojans we've seen in P2P networks the past few weeks impresses even us. The stuff that's been turning up on the P2P clients on ordinary people's machines has been frightful.
Bottom line - if you're downloading, make SURE that your "P2P client" is showing you the *FULL* filename - make CERTAIN that the file that you download and run doesn't actually end in *.EXE, *.COM, *.PIF, *.SCR, *.HTA, or any number of other possible (total) file extensions other than *.MP3, *.RA, etc ... make sure that you know what you're downloading. This file from Symantec will show you how to configure YOUR version of Windows to "tell the truth" and show EVERYTHING. Please take these steps if you use P2P file sharing, and it's a good idea even if it adds more clutter to your screen and programs - it'll SHOW you what the file REALLY is ...
Symantec Support Site File
With many of the trojans we've seen in the past few months, you don't even NEED P2P file sharing, they'll "gladly provide it". Keep an eye out on your machine (after lighting up "show all" as described above) ... watch for folders inside the "Windows/WINNT" folder, or the "SYSTEM/SYSTEM32" folder, or off the "Program Files" folders - if you see a "mystery folder" that contains a number of EXE files of the SAME SIZE, suspect that you've been whacked. As for anything you download, just put it aside to prevent a trojan or worm from executing before your security software even has a chance of detecting it, so that your AV or BOClean can tell if you downloaded a TROJAN instead of what you thought you were getting ...
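The "mystery folder" check and the full-filename rule above can both be scripted. This Python sketch is an added example, not part of the original newsletter or BOClean's code; the function names, the threshold of three files and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions the newsletter lists as executable rather than media.
RISKY_EXTS = {".exe", ".com", ".pif", ".scr", ".hta"}

def is_disguised(filename):
    """True if a risky final extension hides behind another one (song.mp3.exe)."""
    stem, last = os.path.splitext(filename.strip().lower())
    return last in RISKY_EXTS and os.path.splitext(stem)[1] != ""

def same_size_exe_folders(root, min_count=3):
    """Map folder -> (size, count) for folders under root holding at least
    min_count .exe files of one identical size (min_count is an assumption)."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        sizes = Counter()
        for name in files:
            if name.lower().endswith(".exe"):
                try:
                    sizes[os.path.getsize(os.path.join(folder, name))] += 1
                except OSError:
                    continue  # unreadable or vanished file: skip it
        if sizes:
            size, count = sizes.most_common(1)[0]
            if count >= min_count:
                hits[folder] = (size, count)
    return hits

def build_sample_tree(root):
    """Constructed sample data: one suspicious folder and one normal folder."""
    bait = os.path.join(root, "System32", "share")
    normal = os.path.join(root, "Program Files", "App")
    os.makedirs(bait)
    os.makedirs(normal)
    for name in ("game crack.exe", "full version.exe", "viewer.exe", "keygen.exe"):
        with open(os.path.join(bait, name), "wb") as f:
            f.write(b"\0" * 4096)  # every file the same size
    for name, size in (("app.exe", 1000), ("setup.exe", 2500)):
        with open(os.path.join(normal, name), "wb") as f:
            f.write(b"\0" * size)
    return bait

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(same_size_exe_folders(tmp))
    print([n for n in ("song.mp3.exe", "song.mp3") if is_disguised(n)])
```

The name check also flags legitimate names that contain a dot, such as "v1.2 setup.exe", so treat a hit as a prompt for a closer look rather than a verdict.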
We've been going 24+ (at least it seems like that) hours a day here
trying to keep up, which is why we're publishing this newsletter. It's
gotten MIGHTY nasty out there. PLEASE be careful, and KNOW what you're
REALLY downloading.
©2003 Privacy Software Corporation. All rights reserved.