Blackworm virus


PostAuthor: BangkokButcher » February 3, 2006, 6:54 am

Get your anti-viruses booted up and make sure their definitions are brand spanking new; this new Blackworm virus is gonna be a biggie:
Over the last week, "Blackworm" infected more than 700,000 systems as measured using a counter web site used by the worm to track itself. This worm is different and more serious than other worms for a number of reasons. In particular, it will delete a user's files on February 3rd.

At this point, the worm will be detected by up-to-date anti-virus signatures. In order to protect yourself from data loss on February 3rd, you should use current (Jan 23rd or later) anti-virus signatures.

The following file types will be overwritten by the virus: DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, ZIP. The files are overwritten with an error message ('DATA Error [47 0F 94 93 F4 K5]').


http://isc.sans.org/diary.php?storyid=1067
BangkokButcher
nongkhaimap.com
Posts: 2189
Joined: July 4, 2005, 9:06 pm
Location: ท่าบ่อ, หนองคาย, ราชอาณาจักรไทย
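
An added example (not part of the original post or the linked SANS diary): a scan that lists which files of the targeted types now contain the overwrite message, so you know what to restore from backup. It assumes the message appears verbatim within the first 4 KB of an overwritten file; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Extensions and marker text come from the advisory quoted in the post above.
TARGET_EXTS = {"doc", "xls", "mde", "mdb", "ppt", "pps", "rar", "pdf", "psd", "dmp", "zip"}
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"

def is_overwritten(path, window=4096):
    """Assumption: an overwritten file carries the marker within its first `window` bytes."""
    try:
        with open(path, "rb") as fh:
            return MARKER in fh.read(window)
    except OSError:
        return False  # unreadable file: treated as not overwritten

def scan(root):
    """Walk root and split files of the targeted types into (damaged, intact) lists."""
    damaged, intact = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext not in TARGET_EXTS:
                continue  # the advisory lists only these types as affected
            full = os.path.join(dirpath, name)
            (damaged if is_overwritten(full) else intact).append(full)
    return sorted(damaged), sorted(intact)

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        samples = {
            "docs/report.DOC": MARKER,                    # overwritten, upper-case extension
            "docs/budget.xls": b"\xd0\xcf\x11\xe0 real",  # intact, normal OLE header
            "notes.txt": MARKER,                          # marker present but not a targeted type
            "backup.zip": b"PK\x03\x04 data",             # intact, normal zip header
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        damaged, intact = scan(root)
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        return [rel(p) for p in damaged], [rel(p) for p in intact]

if __name__ == "__main__":
    damaged, intact = demo()
    print("overwritten:", damaged)
    print("intact:", intact)
```

Point `scan()` at a documents folder or a mounted backup to get the two lists for real data.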

PostAuthor: yorkman » February 4, 2006, 3:27 am

That's nasty, but as is usual with a worm, it's going round disguised as email.

I had it today, and it was NOT flagged up by up-to-date AVG anti-virus; it even disguised itself by purporting to be from a friend of mine. The content of the email and the attached (after a careful look) executable persuaded me to dump it.

Is this triggered only for 3 Feb Sean, or will it run afterwards??

John
yorkman
nongkhaimap.com
Posts: 970
Joined: August 6, 2005, 4:05 pm

PostAuthor: BangkokButcher » February 4, 2006, 3:32 am

As far as I'm aware, that is the 'trigger' date for it to kick into action; if I hear otherwise I'll sure keep you all updated.

PostAuthor: Stevo » February 4, 2006, 4:17 am

yorkman wrote:
Is this triggered only for 3 Feb Sean, or will it run afterwards??

John



I have read it is triggered to delete files on the 3rd of every month from Feb onwards.
Stevo
nongkhaimap.com
Posts: 480
Joined: January 1, 2006, 7:07 am

PostAuthor: wansman » February 5, 2006, 1:13 am

Stevo wrote:
yorkman wrote:
Is this triggered only for 3 Feb Sean, or will it run afterwards??

John



I have read it is triggered to delete files on the 3rd of every month from Feb onwards.


Saw this on CNN and Stevo is correct. Set to trigger on the 3rd of EVERY month.

Doug
wansman
nongkhaimap.com
Posts: 228
Joined: October 6, 2005, 10:12 am
Location: Virginia Beach, Va, USA

PostAuthor: yorkman » February 5, 2006, 2:35 am

wansman wrote:
Stevo wrote:
yorkman wrote:
Is this triggered only for 3 Feb Sean, or will it run afterwards??

John



I have read it is triggered to delete files on the 3rd of every month from Feb onwards.


Saw this on CNN and Stevo is correct. Set to trigger on the 3rd of EVERY month.

Doug


Ok, thanks Doug,

As said before, it manifests itself as an email from an expected source; just look at the content and decide, and then do not click on any links it suggests, it's a hidden executable (.exe..) that will install the worm.

Most antivirus linked to Outlook or whatever will see this and warn you as you download; the ones in danger are those that use web email (hotmail, yahoo, etc. etc.).

I just dump any email I did not expect, like junk mail through the front door of your house. If you do this it's not a problem IMHO.

John

PostAuthor: valentine » February 6, 2006, 2:17 pm

Bangkok butcher, can I ask what is the purpose of the flag which apparently is supposed to show my IP or computer address? Is it a new toy you've got? 'Cause if so, it ain't working properly. My ID starts with 202. Just one point, if you get it right, doesn't it aid the spammers? I wouldn't know, so it's a serious question.
valentine
 

PostAuthor: yorkman » February 6, 2006, 3:27 pm

Maybe not a good idea Sean IMHO, or there are going to be a lot of "spying" questions I think. It's working just fine here.

It's not all it seems Val... :lol: It won't help the spammers, but nevertheless

A copy of info from elsewhere "Your IP address and other information are only visible to YOU, not to others, but because people see their own IP address and computer information displayed in the graphic, they think that their information can be seen by everyone!"

John

PostAuthor: Stevo » February 6, 2006, 7:02 pm

Easily removed, if Firefox is your browser you can download and install "Adblock" extension, right click on Danasoft flag and Adblock it.
As Yorkman rightly states, all Danasoft does is display the info to you, however I understand this little program can be used to track your movements (as does your browser)!

PostAuthor: yorkman » February 6, 2006, 7:36 pm

I must admit, I did a double take until I realised what it was doing :lol: I was on the comp at work and it spotted me, so it seemed..... :shock:

John

PostAuthor: BangkokButcher » February 7, 2006, 2:20 am

valentine wrote: Bangkok butcher, can I ask what is the purpose of the flag which apparently is supposed to show my IP or computer address? Is it a new toy you've got? 'Cause if so, it ain't working properly. My ID starts with 202. Just one point, if you get it right, doesn't it aid the spammers? I wouldn't know, so it's a serious question.


I didn't get nothing right Val, and nope it's not a 'new toy'.

Danasoft has been around for years supplying free avatars and signature pics, they do not track you, they track me via a cookie that I have accepted, a number of webmasters love them as they 'can' help attract additional traffic through a site, via searching the word danasoft on the net will throw up millions of forums where users use their avatar.

The use of a Danasoft script does not in any way violate your privacy, and if you were to go to udonmap's front page and click on the Stats link, you would see exactly the same information (from you) has already been logged by the site. Every time you click on a link, or press a submit button, you are sending them details which include your Internet Protocol (IP) address, browser information, operating system, the time of your visit, and the referring location. This, like most other sites, records this basic information about visits to its site.

The purpose of the graphic is to raise awareness about what types of information every Internet website can collect about you.


Tracking an IP address is not a difficult affair as long as they are resolving correctly; it seems that yours may not be, if the correct IP is not being displayed, but other than that I have no idea...

If it bothers you, follow Stevo's advice, use Firefox and block it.

yorkman wrote:there are going to be a lot of "spying" questions I think.


Yep you are probably right, but I do not feel that there is a need for it to be removed, my thoughts would be for that surely it is a good thing to actually see the information that websites can extract from you, but more of a reason to read privacy policies when visiting sites to see what they can really get their hands on...

PostAuthor: yorkman » February 7, 2006, 2:32 am

Agree Sean,

Absolutely no need for it to be removed, as long as people understand exactly what it is, and what it is doing, which you have explained. It's actually a very good warning....if you post on the net, send email, or are even just surfing, whatever you might think, use proxies if you wish (no problem), buy software which claims to "hide" you, it can be tracked back unless you are very savvy indeed. Consider how they get the very computer literate virus creators......

As for what is happening with the IPs..hmmmmm

John

PostAuthor: BobHelm » February 7, 2006, 2:35 am

Agree Sean & John....
The thing that I found scary was the
"Sometimes I am in Thailand"
Even more reason to stop governments interfering with the net I feel.... :yikes:
BobHelm
moderator
Posts: 3350
Joined: September 7, 2005, 11:58 pm
Location: Udon Thani

PostAuthor: BangkokButcher » February 7, 2006, 2:38 am

Don't worry, the comments it displays were edited by me :lol:

PostAuthor: BobHelm » February 7, 2006, 2:39 am

Aah, that is better... thanks Sean, now I can feel slightly less paranoid :D :D
