Entries categorized as ‘Internet Security’
Check this email out. It came from our Trend Micro support rep. They are acting like the reported Electronic Jihad virus might be catastrophic, even though they don’t know if it will work. Their last sentence is the most bizarre because of its alarmist overtone and misspelling. Let paranoia reign!
Dear PSP Customer,
Real-world terrorists are once again threatening to take their jihad (Holy War) to cyberspace. The notorious Al-Qaeda has threatened to launch a Web attack on Western anti-Muslim Web sites on the 11th of November, according to DEBKAfile, an online military intelligence magazine. An attack like this could be unleashed via the Electronic Jihad Version 2.0 software, which is not actually new and has been around for about three years now. The said software is capable of distributed denial-of-service (DDoS) attacks. It is also configurable and flexible, which makes it easy for cyber-terrorists to be more effective in the said attacks. Detailed Malware description: http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=HKTL%5FDAHIJ%2EA&VSect=Td
Researchers across the industry have raised quizzical eyebrows as similar threats have turned out to be a dud, like the cyber attack that never happened against U.S. banks and financial institutions in December 2006. However, such software was recently discovered by Trend Micro researchers. The hacking tool, which is detected as HKTL_DAHIJ.A, arrives as an installer package and may be downloaded from a remote site. This hacking tool connects to a URL for verification purposes. After successfully establishing a connection, it downloads a list from several URLs. The said list, which contains another set of URLs, is used by the affected system to launch Denial-of-Service (DOS) attacks for the so-called e-jihad.
Law enforcers and other experts say that threats such as these should not cause much of a fuss as Web threats happen on a regular basis. Eli Alshech, Director of the Jihad and Terrorism Studies Project at the Middle East Media Research Institute, considers these e-jihadists as more of a nuisance than a threat. But with these terrorists, we will never know what they will do next. Is 11/11 going to be another date to remember?
The next big Web attack may unfold on the 11th of Novemb
Thank you,
Trend Micro Premium Support
Categories: Computers · Internet · Internet Security
We’ve been getting sporadic, but steady reports of the TROJ_DLOADER.SPI virus being detected on machines. Trend Micro claims it’s not “in the wild.” That’s not true. I haven’t seen this many virus reports for XP in a long time. Trend Micro’s fix is to update DAT’s and scan the machine. I’ve tried to figure out what other anti-virus program providers are calling this virus to see if they recommend a different fix. The virus appears to come from webpages. Here’s a sample error:
Threat Alert from Anti-Virus Server
OfficeScan detected TROJ_DLOADER.SPI on PCname in my domains.
File: C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\XFE1E8MF\_YzFvdDRpbmc_NzI4X2FvXzM5NThfMF8xMDIyOF9hb18_a2V5aW4_[1].exe
Detection date: 11/13/2007 14:33:05
Action: Virus successfully detected, cannot perform the Quarantine action
I’ll keep an eye on this. Let me know if you see anything.
UPDATE: I got some more info on this. Some of our SA’s have been tracking it. The virus alerts come up when people visit a certain media industry website. The site either pops up another site, or somehow redirects to “malware-scan.com”. Don’t go to that site unless you want to get infected. You should consider blocking that site using Websense or other tools. I hope this additional info helps.
Categories: Internet Security · PC's · Windows
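An added example, not part of the original post and not Trend Micro's own tooling: a Python script that parses alerts in the format quoted above and lists the machines that still hold a browser-delivered file the scanner could not quarantine. The sample alerts, host names, user names, the TROJ_EXAMPLE.A threat name and the wording of the third Action line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts modelled on the quoted format; hosts, users and file names are made up.
SAMPLE = r"""
OfficeScan detected TROJ_DLOADER.SPI on PC-0142 in my domains.
File: C:\Documents and Settings\alice\Local Settings\Temporary Internet Files\Content.IE5\AB12CD34\setup[1].exe
Detection date: 11/13/2007 14:33:05
Action: Virus successfully detected, cannot perform the Quarantine action

OfficeScan detected TROJ_DLOADER.SPI on PC-0077 in my domains.
File: C:\Documents and Settings\bob\Local Settings\Temporary Internet Files\Content.IE5\ZZ99YY88\setup[1].exe
Detection date: 11/13/2007 15:02:41
Action: Virus successfully detected, cannot perform the Quarantine action

OfficeScan detected TROJ_EXAMPLE.A on PC-0142 in my domains.
File: C:\Temp\tool.exe
Detection date: 11/14/2007 09:10:00
Action: Virus successfully detected and quarantined
"""

ALERT_RE = re.compile(
    r"OfficeScan detected (?P<threat>\S+) on (?P<host>\S+) in my domains\.\s*"
    r"File: (?P<file>.+?)\s*\n"
    r"Detection date: (?P<date>[\d/]+ [\d:]+)\s*\nAction: (?P<action>.+)")

def parse_alerts(text):
    alerts = []
    for m in ALERT_RE.finditer(text):
        a = m.groupdict()
        a["date"] = datetime.strptime(a["date"], "%m/%d/%Y %H:%M:%S")
        # IE cache path = fetched by the browser; "cannot perform" = action was not applied.
        a["from_web"] = "\\temporary internet files\\" in a["file"].lower()
        a["unremediated"] = "cannot perform" in a["action"].lower()
        alerts.append(a)
    return alerts

def triage(alerts):
    """Group by threat; list hosts that still hold an uncleaned web-delivered file."""
    report = defaultdict(lambda: {"hosts": set(), "needs_cleanup": set()})
    for a in alerts:
        entry = report[a["threat"]]
        entry["hosts"].add(a["host"])
        if a["from_web"] and a["unremediated"]:
            entry["needs_cleanup"].add(a["host"])
    return dict(report)

if __name__ == "__main__":
    print(triage(parse_alerts(SAMPLE)))
```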
An alert just came in from Trend Micro that says they are concerned about a potential Internet attack. This is vague and I know it sounds like it’s coming from the US Department of “Homeland Security.” Here it is:
High Probe Traffic Seen on ServerProtect Port 5168
PSP Announcement - 8/23/2007 6:53:13 AM - Proactive Notification: High Probe Traffic Seen on ServerProtect Port 5168 - Dear All: ICS [1] has reported a spike in the probe traffic on port 5168 which is used by ServerProtect. This might be an indication that hackers are preparing to launch an attack against this port. At this point however, we have not received any reports or samples which demonstrate the exploit. Please ensure that your Server Protect Systems have applied security patch 4 to ensure that known vulnerabilities are patched.
Please download the latest Server Protect Patch from the Trend Micro URL:
http://www.trendmicro.com/download/product.asp?productid=17
spnt_security_risk_notification_aug232007.pdf
Categories: IT · Internet Security · PC's · Technology · Windows