Holy crud -- I got a message about a disaster in China that has killed "millions", and a web site to see video. At that point I was offered beijing.exe, which clam didn't know about as of an hour ago. So its definitely spreading. --STeve Andre' On Thursday 26 June 2008 11:15:59 Joe Budzyn wrote: > If it is the one I just saw "Antivirus 2008", it came with a video codec. > > Joe > > On Thu, Jun 26, 2008 at 11:09:52AM -0400, Chris Wolf wrote: > > Does anyone know what specific vulnerability is being > > exploited here? Were the computers involved completely up-to-date with > > MS patches and still got infected? > > > > From: MSU Network Administrators Group > > [mailto:[log in to unmask]] On Behalf Of Bosman, Don Sent: > > Thursday, June 26, 2008 10:07 AM To: > > [log in to unmask] Subject: Re: [MSUNAG] XP or Vista Antivirus 2008 > > ..... Here is one mechanism of infection > > > > I > > always accepted users comments that they didn’t know how they got > > infested because its generally the truth. I didn’t understand how > > they couldn’t have noticed that their machine had slowed, but even > > on campus the network can get frustratingly slow at times. Now that it > > happened to me, I can tell you one way to get it. Using MSIE, browse to a > > recommended site from a news aggregator who has never let you down in the > > past. After thirty seconds or so your machine slows to the point that any > > tech knows it’s been infested. There are thousands of sites that > > are harboring mal-ware scripts. I know I should have been using Firefox, > > but for some reason I was in IE. > > > > For > > my home machine running online scans offered by both > > www.antivirus.com (Trend Micro) and > > http://www.kaspersky.com/virusscanner > > (Kaspersky Labs) cleaned up the problem. While not requiring much > > interaction from me, the scan process did take hours. > > > > Here > > at work I used to trust HitmanPro II > > http://www.hitmanpro.nl/hitmanpro/ > > but even it hasn’t been catching the latest script installed > > malware. > > > > Best > > practice as of today – Run Firefox or Opera with scripting turned > > off. I was amazed at the number of everyday sites that require scripting > > to do simple things that could have been better coded. Now I generally > > recover data from another profile and re-image the machine. > > > > Good > > luck. > > > > Don > > Bosman > > Information > > Technologist > > Libraries, > > Michigan State University > > > > 100 Library > > > > East Lansing, MI 48824-1048 > > > > [log in to unmask] > > > > (517) 432-6123 ext 233 > > > > Fax (517) 432-8374