-
Serious Warning (Virus)
http://www.symantec.com/avcenter/ven...varg.a@mm.html
A customer of my wife's got hit (NT, Exchange 5.5) last night; we were clueless all day. Not much is known at this point ...
One thing's for sure, it's nasty.
Symantec gave this creature a Cat 4 right off the bat!
W32.Novarg.A@mm
-
Shame there is no update. Latest appears to be 1/23.
-
Originally posted by timechange.com
Shame there is no update. Latest appears to be 1/23.
I understand it's a brand new threat...as of 1/26
All others (McAfee, CA) also have limited info...
Messagelabs has no info...
NT Server, Exchange , and Norton became corrupted...
Aliases
Novarg (F-Secure), W32.Novarg.A@mm (Symantec), Win32.Mydoom.A (CA), Win32/Shimg (CA), WORM_MIMAIL.R (Trend
-
just got this ..don't want to be alarmist.
Warning: Mydoom virus spreading rapidly
MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted a high number of copies of a new worm known as W32/Mydoom.A-mm.
Name: W32/Mydoom.A-mm
Number of copies intercepted so far: 165,598
Time & Date first captured: 13.03pm GMT, 26th Jan 04
Origin of first intercepted copy: Russia
W32/Mydoom.A-mm is a mass-mailing worm that attempts to spread via email and by copying itself to any available shared directories used by Kazaa.
The worm harvests addresses from infected machines and targets files with the following extensions:
.wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm, .txt.
W32/Mydoom.A-mm also tries to randomly generate or guess likely email addresses to send itself to.
In addition, initial analysis suggests that Mydoom opens a connection on TCP port 3127, an indication of a remote access component.
Email characteristics:
From: Random, spoofed email address
Subject: Random
Text: Various, including:
· The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
· The message contains Unicode characters and has been sent as a binary attachment.
· Mail transaction failed. Partial message is available.
Attached file: Various extensions, including .exe, .pif, .cmd, .scr. The attachment often arrives in a zip archive, and is also represented by what appears to be a text file icon, but is in fact an executable.
Size: 22,528 bytes
Detection:
MessageLabs detected all strains of this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.
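A gateway-style check for the attachment traits listed in the notice above (.exe, .pif, .cmd, .scr, often wrapped in a zip), given as an added example that is not part of the original post or any vendor's code. The function names and the constructed sample message are assumptions made for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Extensions the notice lists for the worm's attachment
RISKY_EXTS = (".exe", ".pif", ".cmd", ".scr")

def risky_names(filename, payload):
    """Return executable names found in one attachment, looking inside zips."""
    hits = []
    name = filename.lower().strip()
    if name.endswith(RISKY_EXTS):
        hits.append(filename)
    elif name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if member.lower().strip().endswith(RISKY_EXTS):
                        hits.append(f"{filename}!{member}")
        except zipfile.BadZipFile:
            # An archive that cannot be read cannot be cleared: flag it
            hits.append(f"{filename} (unreadable zip)")
    return hits

def scan_message(raw_bytes):
    """Parse a raw message and list the attachments to quarantine."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            body = part.get_payload(decode=True) or b""
            findings.extend(risky_names(filename, body))
    return findings

def build_sample(attachment_name, inner_name=None):
    """Constructed test message: harmless bytes, optionally wrapped in a zip."""
    data = b"harmless placeholder bytes"
    if inner_name:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(inner_name, data)
        data = buf.getvalue()
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg.set_content("Mail transaction failed. Partial message is available.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()
```

Matching on the final extension also catches names such as `document.txt.scr`, where the visible part of the name looks like a text file.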
-
Don't worry about it, Sir Bill is going to stop spam and viruses in their tracks.
You'll just have to wait 2 years, and probably pay EVEN MORE.
Then there are the people that gave up on Windows around the Win95 era, and are sitting pretty on their Macs and Linux boxen, wondering why people still put up with this crap.
Captain Stupid.
Jimmy James Inc. fan club membership # 3312
-
Got a copy of this sent to me today:
Partial message with an attached stuffit file
Never opened it, but I'm on a Mac so I guess it wouldn't have mattered.
I always find it interesting when people claim PCs are superior to Macs when I see the multitudes of virus and security issues (not to mention OS instability) in MS products.
Guess it keeps Billy in biz and lots of IT folks employed.
-
In my wife's own words:
"I hate Microsoft"
P.S. She said that with Klez too...
-
Anyone else experiencing a lot of network latency? Could it be the worm?
-
Originally posted by timechange.com
Anyone else experiencing a lot of network latency? Could it be the worm?
Yes.
I was wondering what the hell was going on yesterday. I restored all my systems from a clean ghost image and the latency would not go away. I finally decided that it must have been a Comcast network issue, which it looks like it was.
Basically, it was as if I was on a dialup modem and not a cable modem.
-
I'm getting all the bounces from mail sent in my name by stupid people with Outlook who've happily installed the virus on their machines.
Sometimes I wish Sir Bill had been right when he said the Internet was a blip and that MSN was going to replace it. That way all these Windows wallies would be on their own network, infecting each other with virii and spam and the rest of us wouldn't have to put up with the fallout.
Captain Stupid.
Jimmy James Inc. fan club membership # 3312
-
I just got 10 more ... haven't looked in the junk box yet either. When are people going to learn not to open unknown files?
-
the plot thickens..
According to Symantec's Web site, it (mydoom/novarg) is designed to launch a so-called denial of service against www.sco.com, the home page of software company SCO Group Inc. (SCOX, news). Such attacks aim to flood a site with bogus traffic in the hopes of shutting it down.
The SCO site was functional recently, though slow to download.
SCO suffered a number of these coordinated attacks last year, and at the time blamed supporters of the Linux operating system. SCO, based in Linden, Utah, roiled the Linux community after it filed a lawsuit against International Business Machines Corp. (IBM, news) claiming some of SCO's Unix software code was copied into Linux. SCO is seeking royalties from Linux users.
In addition, SCO last week sued Novell Inc. (NOVL, news), alleging that it is falsely claiming ownership of Unix and interfering with SCO's rights to the operating system. Novell said it has rights covering Unix software and will "vigorously defend" itself.
SCO spokesman Blake Stowell said the virus is designed to direct victim PCs to attack SCO's corporate Web site, but declined to speculate on who might be behind the attack. Stowell said he has heard reports that the site was downloading slowly, but said the company's measurement tools pointed to normal site operation.
"As of right now, we're not in the middle of a DOS attack," he said. However, Stowell conceded "we could be in the beginning stages of this now."
SCO's information-technology team and Internet-service provider -- a denial of service victim's best ally -- are monitoring the situation closely and looking to see what defensive measures may be available. Denial of service, or DOS, attacks tend to be difficult to stop because it's hard to separate "good" customer traffic from "bad" attack traffic.
Whole story:
http://www.quicken.com/investments/n...r&column=P0DFP
-
Those dumb-arse antivirus software writers are making the problem worse.
1/2 of the bounces I'm getting back are from virus detection systems warning that I have the virus (which is bull****). Problem is, they're NOT stripping out the viral payload, so they're the ones delivering the virus around the planet.
Talk about ****-for-brains.
Captain Stupid.
Jimmy James Inc. fan club membership # 3312
-
Oh man... you take drastic steps
I was wondering what the hell was going on yesterday. I restored all my systems from a clean ghost image and the latency would not go away. I finally decided that it must have been a Comcast network issue, which it looks like it was.
You notice latency and reinstall your OS? Kinda drastic step, isn't it? How about ping/traceroute? Didn't those help?
-
it appears mydoom is a different animal..
Last edited by Domo Sapiens; 01-28-2004 at 03:57 AM.