Saturday, February 25, 2006

The Tammy NYP sex video virus

For those of you who are searching high and low for the Tammy NYP sex video, please do take note that there are reports of virus in the video file. You should be wary when you download the video from websites, forums and blogs that claimed to have the sex video. One email from a reader say that there might be attempts to spread the Tammy sex video with the virus via emails too.

There's one blog at that is rather suspicious to me. I came across it last night after another reader told me to take a look at it. The blog has links to a zip file containing the video and love chat messages. It also has links to only the love chat messages in word document format.

Yesterday, the owner of the blog wrote to say that there is no virus in his files:
I would like to thank a certain blog let’s just call him bbbbbbbreport for reporting there’s a virus. However I think he doesn’t mean this site has the virus infected file. Or else all the computers in my jc would have been infected by now, since I had my friends download it. I even scan the files in the lab computer before I uploaded it. I would like to point out that he didn’t say the name of the virus and which file had the virus. Is it the doc file or the zip file. Or which website has it. Certainly it’s not my blog...

What is he doing? Some would think it’s misdirection. Shifting the blame by pointing the attention elsewhere. May be he could point out which site has the virus. It’s certainly not this site. Once people download the files and scan it. They will know.

Anyway if you are worry about virus just scan the files before you open it. Or if you are paranoid just sent it to your gmail or yahoo mail account. The antivirus software there is more powerful.
One fact that the blogger fails to mention is that zip files are dangerous. They can hide worms and viruses that may be destructive to your computer. This article from PC World tells more:
The .zip attachments were evidence of what antivirus experts say is a new trend in virus writing circles: using compressed .zip files to hide viruses and elude detection by antivirus engines...

While .zip files were occasionally used to mask virus payloads, the practice wasn't common in virus writing circles because .zip, unlike .scr and .pif files, required separate software to be installed on the receiving system before the files could be opened and run on ubiquitous Windows machines, he says.

All that changed with the release of Microsoft's Windows XP operating system, which includes native support for opening .zip files. That allows virus writers to count on users being able to unzip their attachment and open the virus file stored inside, Shipp says...

The files have other advantages for virus authors, as well, says Vipul Ved Prakash, founder and chief scientist at antispam company Cloudmark of San Francisco.

For mass mailing worms like Mydoom, zipping the virus payload makes it smaller and enables the worm to mail out more copies of itself in the same length of time than it could with uncompressed .scr, .pif, or .exe files, Prakash says.

Zipping also changes the unique signature on the virus attachment, making it harder for antivirus engines to detect the malicious program, he says...

A recent security advisory from AERAsec Network Services and Security GmbH in Hohenbrunn, Germany, found that many antivirus engines are vulnerable to denial of service attacks from so-called "decompression bombs," in which gigabytes of data are zipped into very small files.

Antivirus engines that try to unzip these bombs often crash when trying to handle the huge amount of data stored in them, AERAsec researchers warn.

While decompression bombs have been around since the 1980s, many software products, including antivirus engines, still do not detect such attacks, says Harald Geiger of AERAsec.
I'm not saying for sure that the files provided by the blogger mentioned above contain virus and worms that will harm your computer. If he really wants to share the sex video, he could have provided the video file in its original format instead of zipping it. To the best of my knowledge, the original Tammy NYP sex video is in 3gp format (file ending with .3gp) which is a mobile phone video format. So if you find any video claiming to be the real Tammy NYP sex video but it is not in the 3gp format, you should think twice before you download it especially if it is in a zip file.

Update: is now suspended.

Guy wants government to regulate blogs because of Tammy
Get your Tammy NYP merchandise, video and domain
Paris Hilton talks about Tammy
Don't do a Tammy


Anonymous said...

if that sex video i downloaded is 3gp format... then is it no need to worry that video contained virus??

Anonymous said...

You rock dude! Thanks for the warning.

Anonymous said...

The Tammy NYP Video blog does indeed look suspicious...only got three entries...first two is about the links to the files and the last is about him saying there's no virus in the files.

Anonymous said...

thanks IZ

Anonymous said...

y the hell muz he put the video is a zip file?

it is only 5mb in size.

Anonymous said...

You can all get the video using p2p programs such as Bearshare Lite

Anonymous said...

Juz wait till the Tammy video email gets around. The virus makes will be having a field day!

Anonymous said...

Not surprise that some naughty people would be putting a virus payload together with the video.

Anonymous said...

The blog has been suspended.