FYI: ALERT- The BlackWorm virus- Act now to avoid infection

Threat Level: HIGH

PandaLabs has detected that all computers infected with BlackWorm will encounter widespread damage this Friday, Feburary 3. BlackWorm, also known as "Tearec.A", "Mywife.E" and "KamaSutra" will corrupt all Microsoft Word, Microsoft Excel or Microsoft PowerPoint files on infected computers.

Don't wait to check if your computer contains Blackworm.
Panda Software recommends running an online virus scan immediately.

INFORMATION:
BlackWorm (Tearec.A) spreads through e-mail attachments, peer-to-peer networks and network shares. It disables and ends several antivirus programs installed on the affected computer. It also attempts to delete files belonging to several antivirus programs, peer-to-peer file sharing programs (P2P) and other Internet applications, which would cause them to stop working.

Additionally, it monitors the network traffic of certain connections related with antivirus programs and email services to collect passwords.

FREE VIRUS SCAN:
Scan your computer for Blackworm.
http://www.ActiveScan.com

Note: Posted as a public service. The poster is not in any way associated with Panda Software, and makes no claims as to the actual urgency of this virus warning.

...I'm really uncomfortable about running a script like this-- it opened my computer up totally, bypassed my Symantic security wall, installed and ran executables that I know nothing about, etc. Since I don't know anything about PandaScan I feel like I've just violated the most basic security no-no. We shall see.

on edit-- with only about 1/5 of the scan finished it says it's detected 90 spyware 'bots that neither Spybot Search and Destroy or Adaware found in a recent scan. WTF?

Four viruses so far that a Symantic virus scan did not detect YESTERDAY! AGAIN, WTF?!

I wouldn't have posted the link if I weren't confident it was safe. I say this as a computer repair professional who gets a large percentage of my income from cleaning computer virii off machines.

And thanks for the heads up, I am running Symantec scan now just in case.

...so this really pisses me off!

You're in good shape.

Today I got a window saying my system had recovered from a fatal error and to send report to MS. That web page said to do a live update (Norton) but it said all files were current. What does that mean?

Thanks, Carla

I have no clue

http://www.commentwire.com/article_news.asp?guid=20856A5C-3952-4F2C-913A-1E963F902D41

BlackWorm Preps to Wipe Drives
25th January 2006
By Staff Writer
Update your users' anti-virus signatures. An email worm known to have infected three quarters of a million computers will start deleting data on February 3.

Known as BlackWorm, the malcode has been spreading via email since the weekend. It generally arrives as a .pif or .scr attachment, masquerading as a porno picture.

Once installed, it waits until the 3rd of the month, then attempts to delete files that have extensions including .doc, .xls, .ppt, .pdf, .rar and .zip -- basically, the formats in which most Windows users have their most important data.

Antivirus companies have been able to track the spread of the worm because BlackWorm, once installed, attempts to connect to a counter at a publicly accessible web site. At the time of writing, the counter had clocked up over 700,000 hits.

According to the SANS Institute's Internet Storm Center, one way to discover whether a machine on your network has been infected is to check if any machine has connected to any URL at "webstats.web.rcn.net" without a referrer field in the HTTP header.

The worm is also known as Kama Sutra. All the major antivirus software vendors already offer signatures for this malcode.

http://www.commentwire.com/article_news.asp?guid=20856A5C-3952-4F2C-913A-1E963F902D41
.

How do you find out if your machine has connected to that site?