Viceroy, posted March 20, 2004:

I just got sent a virus from CMMODS, so be careful if you get any email from administration@cozog.com. The virus is called W32.Beagle.M@mm and details can be found at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.html

My Nortons nailed it straight away, so update your virus software if you have to.

_Axe_, posted March 20, 2004:

I just got an e-mail from a forum member saying they got one too but it came with a message that said the "Cozog.com team" had suspended his account because of unauthorized access to the cozog.com server. Very strange. Heads up everyone.

_Axe_, posted March 20, 2004:

The W32.Beagle.M@mm is a polymorphic mass-mailing worm that uses its own SMTP engine to spread through email. Like previous Beagle variants, this worm opens a backdoor (it listens on TCP port 2556) and attempts to spread through file-sharing networks by copying itself to folders that contain "shar" in their names. W32.Beagle.M@mm also infects files with the EXE extension.

The email has the following characteristics:

From: Spoofed to appear as though it is coming from one of the following addresses at the recipient's domain:
* management
* administration
* staff
* noreply
* support

Subject: One of the following:
* Account notify
* E-mail account disabling warning.
* E-mail account security warning.
* E-mail technical support message.
* E-mail technical support warning.
* E-mail warning
* Email account utilization warning.
* Email report
* Encrypted document
* Fax Message Received
* Forum notify
* Hidden message
* Important notify
* Important notify about your e-mail account.
* Incoming message
* Notify about using the e-mail account.
* Notify about your e-mail account utilization.
* Notify from e-mail technical support.
* Protected message
* RE: Protected message
* RE: Text message
* Re: Document
* Re: Hello
* Re: Hi
* Re: Incoming Fax
* Re: Incoming Message
* Re: Msg reply
* Re: Thank you!
* Re: Thanks
* Re: Yahoo!
* Request response
* Site changes

Attachment: A randomly named .exe file, stored inside a .zip file or a .rar file, or a .pif file. The .zip and .rar files may be password-protected. The file name, without the extension, is one of the following:
* Attach
* Details
* Document
* Encrypted
* Gift
* Info
* Information
* Message
* MoreInfo
* Readme
* Text
* TextDocument
* details
* first_part
* pub_document
* text_document

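The characteristics listed in the post above can be turned into a simple mail triage check. The following is an added example, not part of the original post or the advisory it quotes; the function names, the `example.org` addresses and the sample messages are constructed for illustration, and the subject set is only a subset of the list above.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the advisory text in the post above (subjects: subset).
SPOOFED_LOCALPARTS = {"management", "administration", "staff", "noreply", "support"}
SUBJECTS = {"account notify", "e-mail account security warning.", "email report",
            "encrypted document", "fax message received", "forum notify",
            "important notify", "protected message", "re: protected message"}
ATTACH_STEMS = {"attach", "details", "document", "encrypted", "gift", "info",
                "information", "message", "moreinfo", "readme", "text",
                "textdocument", "first_part", "pub_document", "text_document"}
ATTACH_EXTS = {"zip", "rar", "pif"}

def score_message(raw: bytes) -> list:
    """Return which of the advisory's traits (from/subject/attachment) match."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    _, sender = parseaddr(str(msg.get("From", "")))
    _, rcpt = parseaddr(str(msg.get("To", "")))
    s_local, _, s_dom = sender.lower().partition("@")
    r_dom = rcpt.lower().partition("@")[2]
    # Role-style sender claiming to be at the recipient's own domain.
    if s_local in SPOOFED_LOCALPARTS and s_dom and s_dom == r_dom:
        hits.append("from")
    if str(msg.get("Subject", "")).strip().lower() in SUBJECTS:
        hits.append("subject")
    # Attachment name: listed stem plus .zip/.rar/.pif (case-insensitive).
    for part in msg.iter_attachments():
        stem, _, ext = (part.get_filename() or "").lower().rpartition(".")
        if stem in ATTACH_STEMS and ext in ATTACH_EXTS:
            hits.append("attachment")
            break
    return hits

def build_sample(sender, rcpt, subject, filename=None) -> bytes:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A message that matches two or more traits is a reasonable candidate for quarantine; a single match, such as a subject line on its own, is weak evidence.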
Herr Kruger, posted March 20, 2004:

Are you okay as long as you don't open the attachment? Even if you don't have any sort of Antivirus software...

J Kruger

_Axe_, posted March 20, 2004:

Originally posted by Herr Kruger:
> Are you okay as long as you don't open the attachment? Even if you don't have any sort of Antivirus software...
> J Kruger

Yes, just delete it. And get some antivirus software. It's worth the investment.

Wicky, posted March 20, 2004:

Opening it up, it appears to be a nuisance kiddy script (don't worry I've got a Mac)

Hacking into the actual e-mail seems to link up with a return path to

edit: Sorry to Martin for inferring that he was in any way responsible for the dissemination of the virus!

217.5.97.137SOFTWARE\winupd.exe\ cCLEANER3.EXEaud3da{te!PC AVproctw9xMGRDION016PF9X20NT 6VWNB181TDW=kXICSSUPP DEFmTCHPUTY RaSET/R+EAESCH95XXQU% [VgPDXTIVIRUS-C',FAS`ErLLLOW blah blah KERNEL32.DLLadvapi32.dllgdi32.dllole32 .dllSHELL32.dllshlwapi.dllurlmon.dlluser32 .dllwininet.dllwsock32.dllLoadLibraryAGet ProcAddressExitProcessRegCloseKeyDeleteDCCoInitializeShellExecuteAStrDup AURLDownloadToFileADrawTextAInternet GetConnectedStaterecvh6dzmn& blah blah

[ March 21, 2004, 05:22 AM: Message edited by: Wicky ]

Lou2000, posted March 20, 2004:

Cozog.com has just become a temporary addition to my 'Blocked' email address list. Thanks for the warning. I can't believe ANYBODY runs without a virus checker these days! If you don't want to buy one try AVG antivirus ...... it's free.

Firefly, posted March 20, 2004:

Originally posted by Wicky:
> Opening it up, it appears to be a nuisance kiddy script (don't worry I've got a Mac)
> Hacking into the actual e-mail seems to link up with a return path to "martin.gregory(at)bigpond.com"

Well Martin is a regular here and part of the CM community. I'm currently playing him myself. I doubt he is spreading this deliberately.

Andreas, posted March 20, 2004:

The funniest virus I got was one that was sent from my work address to my work address. The problem is that now our admins have clamped down on emails using trigger words, and a lot of legit stuff gets stuck in their net with no warning that it has not been delivered. Brought to you by Bill Gates and the muppets at Microsoft.

beady, posted March 20, 2004:

Originally posted by Viceroy:
> My Nortons nailed it straight away, so update your virus software if you have to.

Ditto. I got the original, plus three or four more from infected computers. My own AV "F-Prot" nailed it as it came in. Best $30 I spend, every year! And to think that I was starting to get annoyed at the more-than-daily automatic updates that have become necessary!

Here's a tip: to make it easier for my AV software, *all* my downloads, including email attachments, go into a special, single "downloads" folder.

Now, does this mean that the CMMODS web site is unusable for the time being?

[ March 20, 2004, 01:40 PM: Message edited by: beady ]

Jussi Köhler, posted March 20, 2004:

Nope, don't think so. The damn virus is so sneaky it sends itself forward even though no files at CMMODS are infected. That's what I think at least. Scan all your downloads just to be sure. Or don't download any mods for a few days. No worries, it might be sneaky but it's not a Super-Doomsday Virus, that's for sure.

Rob Murray, posted March 20, 2004:

Friggin nuisance anyway, thanks for the warning.

Heinzi, posted March 20, 2004:

I got the mail, too. But when does the virus infect my PC? When I open the attachment (a zip file) or when I click on the mail in Outlook? I deleted the mail anyway, but reading the text is still allowed, I hope.

Sergei, posted March 20, 2004:

"Now, does this mean that the CMMODS web site is unusable for the time being?"

I doubt CMMODS is really infected. The e-mail probably wasn't sent from the displayed address. These viruses usually make up a bogie e-mail address, something like administration@battlefront.com or frank@battlefront.com, or look up an address from the address book.

Rob Murray, posted March 20, 2004:

I wouldn't chance downloading anything until COG gives the "all clear" (just to be on the safe side).

Dawg Bonz, posted March 20, 2004:

Thanks for the heads up. I just got 3 "Re: E-mail account security warning." messages sent to my Mac ... deleted. Too bad the not so friendly folks doing the virus infection to COG can't find more productive use of their leisure time.

Juju, posted March 21, 2004:

No need to get paranoid. All a hacker/spammer needs to make it look like something is sent from a specific person or site is an email address. Heck, I even get spam that's supposedly sent to me by myself (pretty sure it wasn't me, though), and I'm sure my computer isn't infected with a virus.

tooz, posted March 21, 2004:

I got three today, but they were all placed in my junk folder, which I rarely open anyway. All three announced "Security warning". Sent them to cyber hell. :mad:

GreenAsJade, posted March 21, 2004:

Originally posted by Firefly:
> Originally posted by Wicky:
> > Opening it up, it appears to be a nuisance kiddy script (don't worry I've got a Mac)
> > Hacking into the actual e-mail seems to link up with a return path to "martin.gregory(at)bigpond.com"
>
> Well Martin is a regular here and part of the CM community. I'm currently playing him myself. I doubt he is spreading this deliberately.

Chipaev, posted March 21, 2004:

OMG 1337 HaX0RZ! Banz0r h1m! J/k

beady, posted March 21, 2004:

Originally posted by GreenAsJade:
> Despite this, because the virus is pretending to be from me, my Inbox is filling up with bounce messages saying "the virus you sent has been blocked blah blah" :mad: :mad: :mad:
> GaJ.

I've been on that end of things, myself. You have my condolences.

The good news is that the attack seems to be over. I got just that first spate of five or so messages, and nothing since (it's been 24 hours). The first message was the actual Virus Warning, the others were from what looks to be a mailing list of French and Finnish CMMODS users who also received the warning (Phillippe, Pascal and Anti - Hi, Guys!) - they discussed this in their emails.

So, it would seem that the originating, infected computer belongs to someone who uses CMMODS. I posted a couple of music mods there, which is the only way I can think of that my address could have been harvested from that site.

Mad Russian, posted March 21, 2004:

Originally posted by beady:
> So, it would seem that the originating, infected computer belongs to someone who uses CMMODS. I posted a couple of music mods there, which is the only way I can think of that my address could have been harvested from that site.

Richie, posted March 21, 2004:

Hmmm, yeah, I got some crappy emails too, but you can't blame CMMODs. What we really need to do is send the wankers who write these viruses straight to the electric chair. I've always liked my steaks well done...

GJK, posted March 21, 2004:

I really want to be careful here, but I had to comment.... GaJ, your upload to CMMODS is an executable file, McMMM - obviously the most likely type of file to be infected with a virus, whereas everyone else uploads .zips of .bmps or .wavs - not likely to get infected. I'm just wanting to make sure that perhaps your McMMM hasn't become the infected file on CoG's server.

FWIW, I just downloaded McMMM again and scanned it - came up clean on Norton Corporate AV.

[ March 21, 2004, 10:49 AM: Message edited by: GJK ]

GreenAsJade, posted March 21, 2004:

Good that someone checked McMMM. Glad to hear the copy at CMMODS is clean.

GaJ.