  1. #1
    Join Date
    Oct 2002
    Posts
    10,988

    Serious Warning (Virus)

    http://www.symantec.com/avcenter/ven...varg.a@mm.html
    A customer of my wife's got hit (NT, Exchange 5.5) yesterday night; we were clueless all day. Not much known at this point ...
    One thing for sure it's Nasty,
    Symantec gave this creature a Cat 4 right off the bat!
    W32.Novarg.A@mm

  2. #2
    Join Date
    Sep 2002
    Posts
    2,857
    Shame there is no update. Latest appears to be 1/23.

  3. #3
    Join Date
    Oct 2002
    Posts
    10,988
    Originally posted by timechange.com
    Shame there is no update. Latest appears to be 1/23.
    I understand it's a brand new threat...as of 1/26
    All others (McAfee, CA) also have limited info...
    Messagelabs has no info...
    NT Server, Exchange , and Norton became corrupted...
    Aliases

    Novarg (F-Secure), W32.Novarg.A@mm (Symantec), Win32.Mydoom.A (CA), Win32/Shimg (CA), WORM_MIMAIL.R (Trend

  4. #4
    Join Date
    Oct 2002
    Posts
    10,988

    just got this ..don't want to be alarmist.

    Warning: Mydoom virus spreading rapidly

    MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted a high number of copies of a new worm known as W32/Mydoom.A-mm.

    Name: W32/Mydoom.A-mm
    Number of copies intercepted so far: 165,598
    Time & Date first captured: 13.03pm GMT, 26th Jan 04
    Origin of first intercepted copy: Russia

    W32/Mydoom.A-mm is a mass-mailing worm that attempts to spread via email and by copying itself to any available shared directories used by Kazaa.

    The worm harvests addresses from infected machines and targets files with the following extensions:
    .wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm, .txt.

    W32/Mydoom.A-mm also tries to randomly generate or guess likely email addresses to send itself to.

    In addition, initial analysis suggests that Mydoom opens a connection on TCP port 3127, an indication of a remote access component.

    Email characteristics:

    From: Random, spoofed email address

    Subject: Random

    Text: Various, including:

    · The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

    · The message contains Unicode characters and has been sent as a binary attachment.

    · Mail transaction failed. Partial message is available.

    Attached file: Various, extensions including .exe, .pif, .cmd, .scr. The attachment often arrives in a zip archive, and is also represented by what appears to be a text file icon, but is in fact an executable.

    Size: 22,528 bytes

    Detection:

    MessageLabs detected all strains of this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.
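A gateway-side check built from the attachment traits listed in the notice above (the four extensions, delivery inside a zip archive, the 22,528-byte size), added here as an example and not part of the thread or of any vendor's product. The file names and sample message are constructed, and the scan looks only one level into an archive.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Values taken from the MessageLabs notice quoted in the thread.
RISKY_EXTS = (".exe", ".pif", ".cmd", ".scr")
REPORTED_SIZE = 22528  # bytes

def _check(name, size, container=None):
    """Return a finding if the name ends in a risky extension, else None."""
    if not name.lower().rstrip().endswith(RISKY_EXTS):
        return None
    return {"file": name, "inside": container, "size_match": size == REPORTED_SIZE}

def scan_message(raw):
    """List executable attachments, looking one level into zip archives."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        hit = _check(name, len(data))
        if hit:
            findings.append(hit)
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        hit = _check(info.filename, info.file_size, container=name)
                        if hit:
                            findings.append(hit)
            except zipfile.BadZipFile:
                # Unreadable archive: report it instead of passing it silently.
                findings.append({"file": name, "inside": None, "unreadable": True})
    return findings

def build_sample():
    """Constructed test message: the 'payload' is harmless zero bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.scr", b"\x00" * REPORTED_SIZE)
    msg = EmailMessage()
    msg["Subject"] = "test"
    msg.set_content("Mail transaction failed. Partial message is available.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The size match is only a supporting hint; the extension check inside the archive is what catches a renamed or repacked copy.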

  5. #5
    Join Date
    Jan 2003
    Location
    Mexico
    Posts
    3,831
    Don't worry about it, Sir Bill is going to stop spam and viruses in their tracks.

    You'll just have to wait 2 years, and probably pay EVEN MORE.

    Then there are the people that gave up on Windows around the Win95 era, and are sitting pretty on their Macs and Linux boxen, wondering why people still put up with this crap.
    Captain Stupid.
    Jimmy James Inc. fan club membership # 3312

  6. #6
    Join Date
    Sep 2002
    Location
    Chicago
    Posts
    713
    Got a copy of this sent to me today:

    Partial message with an attached stuffit file

    Never opened it, but I'm on a Mac so I guess it wouldn't have mattered.
    I always find it interesting when people claim PCs are superior to Macs when I see the multitudes of virus and security issues (not to mention OS instability) in MS products.

    Guess it keeps Billy in biz and lots of IT folks employed.

  7. #7
    Join Date
    Oct 2002
    Posts
    10,988
    In my wife's own words:
    "I hate Microsoft"
    P.S. She said that with Klez too...

  8. #8
    Join Date
    Sep 2002
    Posts
    2,857
    Anyone else experiencing a lot of network latency? Could it be the worm?

  9. #9
    Join Date
    Nov 2002
    Posts
    14,877
    Originally posted by timechange.com
    Anyone else experiencing a lot of network latency? Could it be the worm?
    Yes.

    I was wondering what the hell was going on yesterday. I restored all my systems from a clean ghost image and the latency would not go away. I finally decided that it must have been a Comcast network issue, which it looks like it was.

    Basically, it was as if I was on a dialup modem and not a cable modem.

  10. #10
    Join Date
    Jan 2003
    Location
    Mexico
    Posts
    3,831
    I'm getting all the bounces from mail sent in my name by stupid people with Outlook who've happily installed the virus on their machines.

    Sometimes I wish Sir Bill had been right when he said the Internet was a blip and that MSN was going to replace it. That way all these Windows wallies would be on their own network, infecting each other with virii and spam and the rest of us wouldn't have to put up with the fallout.
    Captain Stupid.
    Jimmy James Inc. fan club membership # 3312

  11. #11
    Join Date
    Sep 2002
    Location
    Chicago
    Posts
    713
    I just got 10 more ... haven't looked in the junk box yet either. When are people going to learn not to open unknown files?

  12. #12
    Join Date
    Oct 2002
    Posts
    10,988

    the plot thickens..

    According to Symantec's Web site (mydoom/novarg), it's designed to launch a so-called denial of service against www.sco.com, the home page of software company SCO Group Inc. (SCOX, news). Such attacks aim to flood a site with bogus traffic in the hopes of shutting it down.

    The SCO site was functional recently, though slow to download.

    SCO suffered a number of these coordinated attacks last year, and at the time blamed supporters of the Linux operating system. SCO, based in Linden, Utah, roiled the Linux community after it filed a lawsuit against International Business Machines Corp. (IBM, news) claiming some of SCO's Unix software code was copied into Linux. SCO is seeking royalties from Linux users.

    In addition, SCO last week sued Novell Inc. (NOVL, news), alleging that it is falsely claiming ownership of Unix and interfering with SCO's rights to the operating system. Novell said it has rights covering Unix software and will "vigorously defend" itself.

    SCO spokesman Blake Stowell said the virus is designed to direct victim PCs to attack the SCO's corporate Web site, but declined to speculate on who might be behind the attack. Stowell said he has heard reports that the site was downloading slowly, but said the company's measurement tools pointed to normal site operation.

    "As of right now, we're not in the middle of a DOS attack," he said. However, Stowell conceded "we could be in the beginning stages of this now."

    SCO's information-technology team and Internet-service provider -- a denial of service victim's best ally -- are monitoring the situation closely and looking to see what defensive measures may be available. Denial of service, or DOS, attacks tend to be difficult to stop because it's hard to separate "good" customer traffic from "bad" attack traffic.

    Whole story:
    http://www.quicken.com/investments/n...r&column=P0DFP

  13. #13
    Join Date
    Jan 2003
    Location
    Mexico
    Posts
    3,831
    Those dumb-arse antivirus software writers are making the problem worse.

    1/2 of the bounces I'm getting back are from virus detection systems warning that I have the virus (which is bull****). Problem is, they're NOT stripping out the viral payload, so they're the ones delivering the virus around the planet.

    Talk about ****-for-brains.
    Captain Stupid.
    Jimmy James Inc. fan club membership # 3312

  14. #14
    Join Date
    Sep 2002
    Posts
    213

    Oh man... you take drastic steps

    I was wondering what the hell was going on yesterday. I restored all my systems from a clean ghost image and the latency would not go away. I finally decided that it must have been a Comcast network issue, which it looks like it was.
    You notice latency and reinstall your OS? Kinda drastic step, isn't it? How about ping/traceroute? Didn't those help?


  15. #15
    Join Date
    Oct 2002
    Posts
    10,988

    it appears mydoom is a different animal..

    a new variant ".b"
    http://securityresponse.symantec.com...doom.b@mm.html
    Not much known yet...
    Last edited by Domo Sapiens; 01-28-2004 at 03:57 AM.
