
[Admin] [Important] Orchid and Viruses Issues


#1

Dear Orchid People;

I am sorry to hear that some of you were victims of a Trojan
virus attack.

Orchid is virus free; we broadcast from a Unix environment, which
is virus free!

I am afraid that I cannot take responsibility for any viruses
users spread over the entire Internet, but I can assure you that
it did not originate from our server.

Being online, getting and sending emails, browsing websites,
reading newsgroups or any other activity that you are doing while
your modem is on makes you a potential victim of a virus
infection.

Protect yourself!

You can use the services of http://www.messagelabs.com, which
scans any of your incoming/outgoing emails, or subscribe to McAfee
Online http://www.mcafee.com/ virus lab protection.

Those who suspect they were victims of a virus attack, clean
your systems as soon as possible! Use McAfee online virus scan
and cleaning services at:
http://www.mcafee.com/myapps/clinic/ov_clinic.asp?

Orchid is Free and Virus Free. Clean and protect yourself while
on Orchid to avoid infecting other users.

For those interested, I list below some technical information
regarding the virus that some of you might acquire:

W32/Badtras.A-MM 
Date first captured: 12 April 2001
Country of origin: UK
Countries stopped in: 62
Top 3 countries: UK, USA, Canada

Virus Characteristics: IMPORTANT

This mass-mailing worm attempts to send itself using Microsoft
Outlook by replying to unread email messages. It also drops a
remote access trojan. When run, the worm displays a message box
entitled, “Install error” which reads, “File data corrupt:
probably due to a bad data transmission or bad disk access.” A
copy is saved into the WINDOWS directory as INETD.EXE and an
entry is entered into the WIN.INI file to run INETD.EXE at
startup. KERN32.EXE (a backdoor trojan), and HKSDLL.DLL (a
keylogger DLL detected as DUNpws.av) are written to the WINDOWS
SYSTEM directory, and a registry entry is created to load the
trojan upon system startup.

Once running, the trojan attempts to mail the victim’s IP Address
to the author. Once this is obtained, the author can
connect to the infected system via the Internet and steal
personal information such as usernames, and passwords. In
addition, the trojan also contains a keylogger program which is
capable of capturing other vital information such as credit card
and bank account numbers and passwords.

The next time Windows is loaded, the worm attempts to email
itself by replying to unread messages in Microsoft Outlook
folders. The worm will be attached to these messages using one of
the following filenames (note that some of these filenames are
also associated with other threats, such as W95/MTX.gen@M):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe

Note: Under WinNT/2K, an additional registry key value is
entered instead of a WIN.INI entry:

HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows\RUN=%WinDir%\INETD.EXE

Hope It helps
For a better Orchid
Hanuman
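
An added example, not part of the original post or of the vendor description quoted in it: a Python check for the startup entries and dropped files named above, run over an exported WIN.INI, a file listing and a set of registry values. The function names, the accepted directory names (WINNT, SYSTEM32) and all sample data are assumptions made for illustration.

```python
import ntpath
import re

# File names and locations taken from the description above. The directory
# names accepted for each location are an assumption (Win9x vs. WinNT/2K).
DROPPED = {
    "inetd.exe": {"WINDOWS", "WINNT"},
    "kern32.exe": {"SYSTEM", "SYSTEM32"},
    "hksdll.dll": {"SYSTEM", "SYSTEM32"},
}

def base(cmd):
    """Lower-cased file name of a Windows path or command."""
    return ntpath.basename(cmd.strip('"')).lower()

def winini_autoruns(text):
    """Programs listed on run=/load= lines in the [windows] section of WIN.INI."""
    section, cmds = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() in ("run", "load"):
                cmds += [c for c in re.split(r"[,\s]+", value.strip()) if c]
    return cmds

def scan(winini_text, files, reg_values):
    """Return (source, detail) pairs for every indicator found."""
    hits = [("win.ini", c) for c in winini_autoruns(winini_text) if base(c) in DROPPED]
    for path in files:
        parent = ntpath.basename(ntpath.dirname(path)).upper()
        if parent in DROPPED.get(base(path), ()):
            hits.append(("file", path))
    for (key, name), data in reg_values.items():
        if base(data) in DROPPED:
            hits.append(("registry", f"{key}\\{name}={data}"))
    return hits

# Constructed sample data, not taken from a real machine.
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\INETD.EXE\n[Desktop]\nrun=ignored.exe\n"
SAMPLE_FILES = [r"C:\WINDOWS\INETD.EXE", r"C:\WINDOWS\SYSTEM\KERN32.EXE",
                r"C:\WINDOWS\SYSTEM\HKSDLL.DLL", r"C:\TOOLS\INETD.EXE"]
SAMPLE_REG = {
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", "kernel32"): "kern32.exe",
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "SystemTray"): "SysTray.Exe",
}

if __name__ == "__main__":
    for source, detail in scan(SAMPLE_INI, SAMPLE_FILES, SAMPLE_REG):
        print(source, detail)
```

A file with one of the listed names outside the expected directory (the constructed C:\TOOLS\INETD.EXE) is deliberately not reported, since the description ties each file to a specific location.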