High Alert - W32/Mydoom@MM mass-mailing worm
Dear Client, A high number of copies of a mass-mailing worm, W32/Mydoom@MM, have been intercepted. The mass-mailing worm arrives in an email message as follows: From: (spoofed) Subject: (Random) Body: (Varies, such as) The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment. The message contains Unicode characters and has been sent as a binary attachment. Mail transaction failed. Partial message is available. Attachment: (varies [.exe, .pif, .cmd, .scr] - often arrives in a ZIP archive) (22,528 bytes) Attachment size: 22,528 bytes The icon used by the file tries to make it appear as if the attachment is a text file. Upon executing the virus, Notepad is opened, filled with nonsense characters. This file tries to spread via email and by copying itself to the shared directory for Kazaa clients if they are present. The mailing component harvests addresses from the local system. Files with the following extensions are targeted: wab adb tbb dbx asp php sht htm txt Additionally, the worm contains strings, which it uses to randomly generate, or guess, addresses. For more information please visit: www.messagelabs.com/intelligence. Regards, Client Services
In other words...whoever the mail "says" its from. It isn't. Email 101 for some people I know.
Cheers,
Jim
Site Talk
Site announcements, comments, or feedback about the site.
Site announcements, comments, or feedback about the site.
Hosted by Darren Baker, Jim Starkweather
More info on the spam virus going around...
Posted: Tuesday, January 27, 2004 - 10:08 AM UTC
Kencelot
Florida, United States
Joined: December 27, 2001
KitMaker: 4,268 posts
Armorama: 2,804 posts
Joined: December 27, 2001
KitMaker: 4,268 posts
Armorama: 2,804 posts
Posted: Tuesday, January 27, 2004 - 10:19 AM UTC
This is another instance where having antivirus software is more necessary than ever. These unforgiving creeps that proliferate the "www" are becoming more shrewed each day.
Keep that software up to date!
Keep that software up to date!
GunTruck
California, United States
Joined: December 01, 2001
KitMaker: 5,885 posts
Armorama: 3,799 posts
Joined: December 01, 2001
KitMaker: 5,885 posts
Armorama: 3,799 posts
Posted: Tuesday, January 27, 2004 - 10:37 AM UTC
Yeah - these guys should turn their creative energies to scale modeling!
Gunnie
Gunnie
keenan
Indiana, United States
Joined: October 16, 2002
KitMaker: 5,272 posts
Armorama: 2,844 posts
Joined: October 16, 2002
KitMaker: 5,272 posts
Armorama: 2,844 posts
Posted: Tuesday, January 27, 2004 - 11:32 AM UTC
Gunnie,
I picture some 36 year old guy sitting in his parent's basement eating Cheetos and yelling "OWNED!!!" when he send his virus to the net... You are right, these guys need to do something else.
Shaun
/heads to the basement to have a couple of beers and work on a model/
#:-) #:-)
I picture some 36 year old guy sitting in his parent's basement eating Cheetos and yelling "OWNED!!!" when he send his virus to the net... You are right, these guys need to do something else.
Shaun
/heads to the basement to have a couple of beers and work on a model/
#:-) #:-)
Posted: Tuesday, January 27, 2004 - 12:15 PM UTC
Hi there
This delightful little critter has hit Armorama_UK and, seemingly, latched onto Staff urls posted there.
I've received e-mails with .exe attachments including one with a subject:
Virus infection alert.! Hi ...
IF YOU GET ANYTHING ALONG THESE LINES - DON'T OPEN IT
Rowan
P.S. I've edited this post - it originally included some urls - one of which proved to be another victim...
This delightful little critter has hit Armorama_UK and, seemingly, latched onto Staff urls posted there.
I've received e-mails with .exe attachments including one with a subject:
Virus infection alert.! Hi ...
IF YOU GET ANYTHING ALONG THESE LINES - DON'T OPEN IT
Rowan
P.S. I've edited this post - it originally included some urls - one of which proved to be another victim...
keenan
Indiana, United States
Joined: October 16, 2002
KitMaker: 5,272 posts
Armorama: 2,844 posts
Joined: October 16, 2002
KitMaker: 5,272 posts
Armorama: 2,844 posts
Posted: Wednesday, January 28, 2004 - 01:15 AM UTC
Yeah,
Just recieved a 22kb .zip file at work with "hello" as the subject. I was all over it. Thanks for the heads up everyone. Of course, half the people in the front office will open the attachment when they get in...
Shaun
Just recieved a 22kb .zip file at work with "hello" as the subject. I was all over it. Thanks for the heads up everyone. Of course, half the people in the front office will open the attachment when they get in...
Shaun
brandydoguk
England - North, United Kingdom
Joined: October 04, 2002
KitMaker: 1,495 posts
Armorama: 234 posts
Joined: October 04, 2002
KitMaker: 1,495 posts
Armorama: 234 posts
Posted: Wednesday, January 28, 2004 - 02:59 AM UTC
This thing got on my computer despite having up to date virus protection. To get rid of it I downloaded and ran something called FxNovarg. It did the trick in a couple of minutes thank goodness.
Marty
Massachusetts, United States
Joined: June 16, 2002
KitMaker: 2,312 posts
Armorama: 1,054 posts
Joined: June 16, 2002
KitMaker: 2,312 posts
Armorama: 1,054 posts
Posted: Wednesday, January 28, 2004 - 03:19 AM UTC
A little bit of common sense says: if you get an e-mail with an attachment from someone you do not know, DO NOT OPEN IT! If the e-mail appears to be from someone you do know but who never sends you attachments, DO NOT OPEN IT! without first contacting that person. Of course all this discussion about viruses should be a non-issue if people would only keep their anti virus software up to date.
ModlrMike
Alberta, Canada
Joined: January 03, 2003
KitMaker: 714 posts
Armorama: 360 posts
Joined: January 03, 2003
KitMaker: 714 posts
Armorama: 360 posts
Posted: Wednesday, January 28, 2004 - 10:30 AM UTC
brandydoguk
England - North, United Kingdom
Joined: October 04, 2002
KitMaker: 1,495 posts
Armorama: 234 posts
Joined: October 04, 2002
KitMaker: 1,495 posts
Armorama: 234 posts
Posted: Wednesday, January 28, 2004 - 03:27 PM UTC
Quoted Text
Of course all this discussion about viruses should be a non-issue if people would only keep their anti virus software up to date.
The thing about this virus was that my anti virus software is up to date but it didn't detect it. I did 2 full scans with Norton when I suspected I had a nasty on my machine, it didn't find anything. It was only when I downloaded a specific detection tool that it got the thing and removed it. I never opened any attachments from the junk e-mails I received but I do get a few from people I know so it could have been in one of them. I contacted everyone on my contacts list to warn them about it in case it was from one of them so that they could remove it.