Author Topic: virus warning (Read 355 times)

vorticon · « **on:** January 27, 2004, 10:24:25 AM »

http://www.cbc.ca/stories/2004/01/27/mydoom_virus040127'

"Worm spreading rapidly across internet
Last Updated Tue, 27 Jan 2004 11:02:34
TORONTO - A new computer worm is spreading rapidly across the internet, threatening to clog e-mail systems and open a back door for hackers to get into personal computers.

The MyDoom worm, also known as Novarg, comes as an e-mail attachment. Since late Monday, it has been spreading at a rate that rivals last year's Sobig worm.

Some companies have reported getting bombarded with hundreds of e-mails a minute.

Once a computer is infected, the worm copies itself and sends out hundreds of e-mails. It also opens a back door into the host system that could allow a hacker to access or even take control of the computer.

The worm tries to put files into the folder used by the Kazaa file-sharing program, if it exists on the infected computer.

Anti-virus software maker Symantec says the worm also appears ready to launch a denial of service attack from Feb. 1 to Feb. 12.

The worm affects computers running Microsoft Windows versions 95 to XP.

Infected e-mails come with a random subject line, often including phrases such as "Test," "Mail Delivery System'' or "Mail Transaction Failed.'' The attachment could have any of the following file extensions: .bat, .cmd, .exe, .pif, .scr, or .zip.

Clicking on the attachment launches the malicious program.

Computer users are advised to delete the attachment without opening it, and to update their anti-virus software in case they accidentally open an infected attachment.

In August, the Sobig worm cost companies millions of dollars as they struggled to fight it off. "

Written by CBC News Online staff

Maverick · « **Reply #1 on:** January 27, 2004, 10:42:40 AM »

I just got the one labled test with a .doc zipped file attatched. Fotunately since I didn't recognise the sender I automatically deleted it anyhow. This is getting to be a major freaking problem. I hope the originator of this crap gets put away.

Mickey1992 · « **Reply #2 on:** January 27, 2004, 11:52:58 AM »

I just read on CNET that 1 in every 12 emails currently moving across the web was a result of the worm (according to a monitoring company). Scary

Ozark · « **Reply #3 on:** January 27, 2004, 01:35:15 PM »

I got about 10 worm emails today. here is some more info from our IS dept.:

If you receive the following email please delete it immediately and do not open the attachment. If you have received this e-mail and have opened the attachment please call the helpdesk @ 6330.

SUBJECT:
Error
Status
Server Report
Mail Transaction Failed
Mail Delivery System
hello
hi

BODY: (Varies, such as)

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.

Attachment: (varies [.bat, .exe, .pif, .cmd, .scr] - often arrives in a ZIP archive) (22,528 bytes)

examples (common names, but can be random)
doc.bat
document.zip
message.zip
readme.zip
text.pif
hello.cmd
body.scr
test.htm.pif
data.txt.exe
file.scr

airguard · « **Reply #4 on:** January 27, 2004, 01:45:25 PM »

you can dw it manually at the norton website then it will remove any mails with those attachments.

edit : I mean the fix for it ofcourse

Dinger · « **Reply #5 on:** January 27, 2004, 02:24:36 PM »

yeah, it's evidently set up to do a ddos on SCO. this really doesn't help matters with that, unfortunately.

I got 4 of them sent to my raf303 account, and one rejected message (sans attachment) bounced back to said account. It's a forwarding address.