What is Phishing?
Phishing is the use of sophisticated lures to "fish" for users' financial information and passwords. It is commonly done through e-mail that is intended to trick you into thinking that it is requesting information on behalf of a legitimate company, when in reality it is designed to get you to send information to identity thieves. Phishers try to acquire sensitive information, such as passwords and credit card details, by pretending to be a trustworthy person or company. E-mail messages may look legitimate, featuring corporate logos and a design similar to the real messages. Phishers mainly target banking sites and other online sites such as PayPal and eBay. In 2003, the FTC reported that 9.9 million U.S. residents had been victims of identity theft during the past year, which cost businesses and financial institutions $48 billion and consumers $5 billion.
Ways to spot phishing attempts
A phishing e-mail may have a return e-mail address that doesn't match the sender’s address.
Check the links to websites in the e-mail to make sure each one matches the hyperlinked words. See the image below for an example of a link that doesn’t go where it says it will go. It is made to appear to go to http://www.woodgrovebank.com when in fact it's going to http://192.168.255.2045 etc. If holding the mouse over the link doesn’t show you the properties, then try right-clicking the link and selecting Properties.
Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of the legitimate entity's URL over the address bar, or by closing the original address bar and opening a new one containing the legitimate URL.
In some phishing scams, the e-mail mentions organizations to gain your trust such as the American National Bank which may or may not even exist.
There may be a phone number you can call with questions. Just because there is a number listed, don’t assume that it is a real number or that, if you call it, you will be talking to someone you can trust.
If you got more than one copy of a suspicious email, it should alert you that there might be something illegitimate going on.
Watch for misspelled website addresses. Many phishers will change the spelling of the URL just enough that you don’t notice it, such as changing www.onlinecomputertips.com to www.onilnecomputertips.com.
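The link checks described above (link words that name a different site than the real target, a numeric address in place of a name, and a near-miss spelling of a known site) can be automated. The following is an added example, not part of the original article; the TRUSTED allow-list, the function names and the sample message body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list; SAMPLE is a constructed message body using the page's example hosts.
TRUSTED = {"woodgrovebank.com", "onlinecomputertips.com"}
SAMPLE = ('<a href="http://192.168.255.2045/">http://www.woodgrovebank.com</a> '
          '<a href="http://www.onilnecomputertips.com/login">Computer tips</a> '
          '<a href="http://www.onlinecomputertips.com/">www.onlinecomputertips.com</a>')

def host_of(text):  # host of a URL or bare www-style name, lower-cased, no "www."
    url = text.strip() if "://" in text else "http://" + text.strip()
    return (urlparse(url).hostname or "").lower().removeprefix("www.")

def edit_distance(a, b):  # Levenshtein distance (insert, delete, substitute)
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def link_flags(href, text):  # reasons one link is suspicious; [] means none apply
    target, text = host_of(href), text.strip()
    shown = host_of(text) if text.lower().startswith(("http://", "https://", "www.")) else ""
    checks = {"text-mismatch": bool(shown) and shown != target,
              "numeric-host": target.replace(".", "").isdigit(),
              "lookalike": any(1 <= edit_distance(target, t) <= 2 for t in TRUSTED)}
    return [name for name, hit in checks.items() if hit]

def check_links(html):
    """Return [(href, reasons)] for every flagged link in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(h, f) for h, t in parser.links if (f := link_flags(h, t))]
```

Calling check_links(SAMPLE) flags the first two links and leaves the third, whose words and target agree, unflagged.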
Steps being taken to fight phishing
Anti-phishing measures have been implemented in the latest web browsers, as extensions or toolbars for browsers, and as part of website login procedures. A new approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's new IE7 browser, Mozilla Firefox 2.0, and Opera all contain this anti-phishing technology. Phishing Protection is turned on by default in Firefox 2, and works by checking the sites that you browse to against a list of known phishing sites. This list is automatically downloaded and regularly updated when the Phishing Protection feature is enabled.
Several websites ask users to select a personal image, and display this image with any forms that request a password. Users should only enter a password when they see the image they selected, which assures them the site is legitimate.
Tips on how to avoid phishing
If you receive an e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links within the e-mail. Businesses should not ask you to send passwords, login information, Social Security numbers, or other personal information through e-mail.
Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar showing the site is secure. Also look for https instead of http in the address bar.
Be sure to carefully check the return email address to make sure it matches the sending address.
Install the Microsoft Phishing Filter if you are using Internet Explorer 7:
http://www.microsoft.com/athome/security/online/phishing_filter.mspx
Don’t email personal or financial information to anyone, even if you know them.
Check all URLs for proper spelling to make sure the link is going where it says it is.