
What is the Security Tango?

The Security Tango is my name for the dance you have to do every time you want to assure yourself that your computer is free of viruses, spyware, keystroke loggers, backdoors, trojans, and other forms of malware (click the Definitions button on the left to see what all those things mean). It's something you need to do regularly and often - daily is not too often! The simple act of getting on the Internet and downloading email or going to a Web page can expose your computer to malicious crackers who would love to take over your machine for their own use.

Let's Dance!

To dance the Security Tango, click the Let's Dance button on the left.

Two left feet? Don't worry - it's not as hard as you might think!

Which Operating System Do You Use?

Originally, the Security Tango was mostly for Windows-based computers. I'm sure that those of you running Linux or a Macintosh used to laugh yourselves sick at all the machinations that your Windows-using friends had to go through to keep themselves safe. But don't get too complacent - your time is here! As Linux and the Mac have become more popular, we've seen more viruses for them. Yes, there are verified malware programs out there for both the Macintosh and for Linux. You need to protect yourself. Equally importantly, if you don't at least run an antivirus program, you run the risk of passing a virus on to your Windows friends (assuming any of them actually talk to you). And that's just not being a good net citizen!

So I've split the Tango into three parts - one for Windows, one for Linux, and one for the Macintosh. But you get to all of them by that same "Let's Dance!" button on the left!

Top 10 Active Virus Alerts

Net-Worm.Win32.Kido
Kaspersky Lab has detected that multiple variants of Kido, a polymorphic worm, are currently spreading widely.

Net-Worm.Win32.Kido exploits a critical vulnerability (MS08-067) in Microsoft Windows to spread via local networks and removable storage media.

The worm disables system restore, blocks access to security websites, and downloads additional malware to infected machines.

Users are strongly recommended to ensure their antivirus databases are up to date. A patch for the vulnerability is available from Microsoft.

Detailed descriptions of Net-Worm.Win32.Kido.bt, Net-Worm.Win32.Kido.dv and Net-Worm.Win32.Kido.fx are available in the Virus Encyclopaedia. A dedicated removal tool is available here.

Virus.Win32.Gpcode.ak
Kaspersky Lab has detected a new version of the ‘malicious blackmailer’ Gpcode - Virus.Win32.Gpcode.ak.

The new Gpcode variant encrypts files with extensions DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. on hard drives using an RSA algorithm with a 1024-bit key.

After encrypting files, the virus leaves a text file in the folder next to the encrypted files with the following message:

Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com

Currently, we detect the new variant, but we are unable to crack the 1024-bit key. Our analysts are continuing to work on both the key and the virus to resolve this issue.

Kaspersky Lab recommends that all Internet users enable maximum protection from malicious code and network attacks on their computers, refrain from executing suspicious programs received from untrustworthy sources and back up any important information on their computers.

Detection of Virus.Win32.Gpcode.ak was added to Kaspersky Anti-Virus signature databases yesterday, on June 4th, at 15:39 GMT. Please make sure to update if you haven’t already.

If you have fallen victim to Gpcode.ak, try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine. Contact us by email at stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well as everything you did on the computer in the 5 minutes before the machine was infected: which programs you have executed, which websites you have visited, etc. We'll try and help you recover any data that has been encrypted.

For more information about the malicious program, please read our weblog.

Email-Worm.Win32.Warezov.nf
Kaspersky Lab has detected mass mailings of a new variant of Warezov, Email-Worm.Win32.Warezov.nf. At 8.00 Moscow Standard Time, 19 April 2007, 70-85% of the malicious content in mail traffic consisted of various forms of a new modification of Warezov - the Warezov.nf worm.

A few hours before this point, there was a noticeable increase in mail traffic of an earlier modification of Warezov - Warezov.do which featured in the October 2006 Top 20.

If you are using Kaspersky Anti-Virus 6.0 or Kaspersky Internet Security 6.0 with Proactive Protection turned on, new variants will be detected without the need to update your antivirus databases.

A full description of Email-Worm.Win32.Warezov.nf is now available in the Virus Encyclopaedia.

Email-Worm.Win32.Warezov.mx
A new version of Warezov, Email-Worm.Win32.Warezov.mx has been mass-mailed.

The worm spreads as an attachment to infected emails. Once launched, it may terminate antivirus and firewall programs and download other malware.

An urgent update to antivirus databases has been released.

If you are using Kaspersky Anti-Virus / Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Email-Worm.Win32.Warezov.ms
Kaspersky Lab has detected mass mailings of a new variant of Warezov, Email-Worm.Win32.Warezov.ms. The mass mailing started on 3rd April 2007.

The worm spreads as an attachment to infected emails. Once launched, it may terminate antivirus and firewall programs and download other malware.

An urgent update to antivirus databases has been released.

If you are using Kaspersky Anti-Virus / Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

A detailed description of Email-Worm.Win32.Warezov.ms will be available in the near future.

Email-Worm.Win32.Zhelatin
Multiple variants of Email-Worm.Win32.Zhelatin are currently spreading. The most recent variants are Zhelatin.u, Zhelatin.r and Zhelatin.t.

New variants may be functionally similar to each other and to previous variants.

Users are reminded to keep their antivirus protection up to date, and to scan any suspicious emails with an antivirus solution.

If you are using Kaspersky Anti-Virus or Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

A detailed description of Email-Worm.Win32.Zhelatin.o is available in the Virus Encyclopaedia.

Email-Worm.Win32.Zhelatin.u
Kaspersky Lab has detected a new variant of Zhelatin, Email-Worm.Zhelatin.u.

Zhelatin.u is a repacked version of an earlier modification, and has the same functionality as previous variants.

Users are reminded to keep their antivirus protection up to date.

If you are using Kaspersky Anti-Virus 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Email-Worm.Win32.Zhelatin.r
Kaspersky Lab has detected a sharp increase in the volume of Email-Worm.Win32.Zhelatin.r in mail traffic.

It is functionally identical to Zhelatin.o. Zhelatin.r is simply a repacked version.

If you are using Kaspersky Anti-Virus 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Email-Worm.Win32.Zhelatin.o

Kaspersky Lab has detected a mass mailing of Email-Worm.Win32.Zhelatin.o, which is spreading as an attachment to infected emails.

Zhelatin.o is very similar to the first Zhelatin variant - Zhelatin.a.

The Kaspersky anti-virus databases have been updated and users are recommended to update as soon as possible.

Possible subjects in infected emails:

  • I Always Knew
  • I Am Lost In You
  • I Believe
  • I Can't Function
  • I Dream of you
  • I Give to You
  • I Love Thee
  • I Love You Mower
  • I Love You So
  • I Love You Soo Much
  • I Love You with All I Am
  • I Still Love You
  • I Think of You
  • I Win with You
  • I Woof You

Possible names for attachments containing the body of the worm:

  • Postcard.exe
  • flash postcard.exe
  • greeting card.exe
  • greeting postcard.exe

Possible texts in the emails:

  • You + Me
  • You Are My Guiding Star
  • You Asked Me Why
  • You Brighten My Day
  • You Lucky Duck!
  • You Rock Me!
  • You Were Worth the Wait
  • You and I
  • You and I Forever
  • You are out of this world
  • You're My Hero
  • You're Soo kissable
  • You're so Far Away
  • You're the One
  • Your Love Has Opened
  • Your Silly Smile
  • flash postcard.exe
  • greeting card.exe
  • greeting postcard.exe

A detailed description of Email-Worm.Win32.Zhelatin.o is now available in the Kaspersky Virus Encyclopaedia.

Email-Worm.Win32.Warezov
Kaspersky Lab has detected mass mailings of new variants of Email-Worm.Win32.Warezov, which started on 15th January, 2007.

A new version is being sent out in each mass mailing. The variants are all highly similar, and spread as an attachment to infected emails. Once launched, they may terminate antivirus and firewall programs and download other malware.

Antivirus updates have been released for all the latest variants. Users are strongly recommended to ensure that they keep their antivirus software up to date.

If you are using Kaspersky Anti-Virus 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Further details of the latest variants will be available in the near future.

Courtesy Kaspersky Lab


Text, "Security Tango," and logo Copyright © 2010 Nick Francesco