Speedy Worm Invades Email Inboxes

This topic is archived.

CShine Donating Member (1000+ posts) Tue Jan-27-04 04:59 AM
Original message
Speedy Worm Invades Email Inboxes
A rapidly spreading e-mail worm on Monday afternoon shut down e-mail systems at several large corporations and is causing problems for computer users connected to the Internet, security experts said.

Known as "MyDoom," it is the fastest spreading e-mail worm ever, according to Network Associates, the Santa Clara, Calif.-based maker of McAfee Antivirus software. The company classified it as a "high alert," its most severe status level.

Mydoom is wreaking havoc with businesses and home computer users, said Steven Sundermeier, product manager for Central Command, an anti-virus company in Medina, Ohio. Sundermeier said the worm is spreading fastest in the United States and Europe.

The virus spreads in an e-mail message that looks like it was garbled during its journey to the recipient's in-box. The body text urges recipients to click on the attached file if the contents of the message are damaged or unreadable. The virus launches when the attachment is opened.

http://www.washingtonpost.com/wp-dyn/articles/A50582-2004Jan26.html?nav=hptop_tb

JCMach1 Donating Member (1000+ posts) Tue Jan-27-04 05:28 AM
Response to Original message
1. go to the lounge---WORM_MIMAIL.R

ConcernedCanuk Donating Member (1000+ posts) Tue Jan-27-04 05:32 AM
Response to Reply #1
3. JC - - !! - Ya beat me by 60 seconds !!
.
.
oh well

:toast:

JCMach1 Donating Member (1000+ posts) Tue Jan-27-04 06:07 AM
Response to Reply #3
4. MYDOOM also seems to be propagating like a MOFO
I run CLEAN systems, but my ISP is getting smacked.

THERE WILL BE SOME DOWNTIME TOMORROW for systems that can't handle the stress...

Mari333 Donating Member (1000+ posts) Tue Jan-27-04 11:34 AM
Response to Reply #1
11. THANK YOU
I just used the freescan and it found one worm already in my PC and removed it... I don't need my computer guy to come to my house again, and pay him money to put on yet another patch... I swear! I already got whacked by the goddamn Blaster worm once, twice, and don't need any more crap
a fine time to Knight Bill Gates...SIR WORM

ConcernedCanuk Donating Member (1000+ posts) Tue Jan-27-04 12:37 PM
Response to Reply #1
13. It's the Number One Virus in North America right now,
.
.

and # 3 in Asia

Just hover over the wee map and watch the specs in the list to the right

http://www.trendmicro.com/map/

ConcernedCanuk Donating Member (1000+ posts) Tue Jan-27-04 05:29 AM
Response to Original message
2. Aliases: W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm
.
.

"Aliases: W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm"

Description:

A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004 1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the spread of WORM_MIMAIL.R.

This mass-mailing worm selects from a list of email subjects, message bodies, and attachment file names for its email messages. It spoofs the sender name of its messages so that they appear to have been sent by different users instead of the actual users on infected machines.

It can also propagate using the Kazaa peer-to-peer file sharing network.

It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004.

It runs a backdoor component, which it drops as the file SHIMGAPI.DLL. The backdoor component opens port 3127 to allow remote users to access and manipulate infected systems. Note that it allows remote access even after February 12, 2004.

This worm runs on Windows 98, ME, NT, 2000, and XP.


MORE on this, solutions and links at:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

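A host-side check for the two indicators named in the advisory quoted above (the dropped file SHIMGAPI.DLL and a listener on port 3127), as an added example that is not part of the original post or of Trend Micro's tooling. The search root and the loopback probe are assumptions, since the advisory as quoted does not say where the file is dropped.

```python
import os
import socket

BACKDOOR_FILE = "shimgapi.dll"  # file name from the advisory, compared case-insensitively
BACKDOOR_PORT = 3127            # TCP port from the advisory


def find_backdoor_files(root):
    """Return every path under root whose file name is SHIMGAPI.DLL (any case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == BACKDOOR_FILE:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def port_is_listening(port=BACKDOOR_PORT, host="127.0.0.1", timeout=1.0):
    """True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def check_host(root, port=BACKDOOR_PORT):
    """Combine both indicators. Either one alone is worth a closer look,
    because the backdoor keeps accepting connections after the worm's
    other routines stop on February 12, 2004."""
    files = find_backdoor_files(root)
    listening = port_is_listening(port)
    return {"files": files, "listening": listening,
            "suspect": bool(files) or listening}


if __name__ == "__main__":
    # Assumed search root: the Windows directory, falling back to the
    # current directory on other systems.
    print(check_host(os.environ.get("SystemRoot", ".")))
```

A listener on port 3127 is only a lead, since any program can bind that port; the file match is what ties it to this worm.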
 
JCMach1 Donating Member (1000+ posts) Tue Jan-27-04 06:08 AM
Response to Original message
5. Trend Micro Officescan and my ISP
are holding fast at the moment!

papau Donating Member (1000+ posts) Tue Jan-27-04 06:42 AM
Response to Reply #5
6. Avast did an overnight upgrade/fix
:-)

jukes Donating Member (1000+ posts) Tue Jan-27-04 09:19 AM
Response to Original message
7. W32.Novarg.A@mm.
I'm att'ing a quote from an email warning distributed in my sigoth's office. Could be a variant or a different creature altogether:

"A new virus began spreading yesterday afternoon, and it's currently being called W32.Novarg.A@mm. It's another mass-mailing worm that attempts to perform a denial of service attack on a website. This time the victim is www.sco.com and the worm will try this on February 1st, and the worm is scheduled to stop spreading after February 12th. Along with the DoS attack, W32.Novarg.A@mm also allows for remote control of an infected system.

The Subject will be one of the following: test, hi, hello, Mail Delivery System, Mail Transaction Failed, Server Report, Status, Error
The Message will contain one of the following: Mail transaction failed., The message contains Unicode characters and has been sent as a binary attachment., or The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The Attachment will be either a .htm, .txt, or .doc file. Please do not open this under any circumstances."
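A mail-gateway triage check built from the subject and body strings listed in the warning quoted above, as an added example that is not part of the original post. The indicator lists are only those the warning gives, and the sample messages are constructed.

```python
from email import message_from_string
from email.message import EmailMessage

# Indicator lists copied from the office warning quoted above.
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BODY_PHRASES = (
    "mail transaction failed.",
    "the message contains unicode characters and has been sent "
    "as a binary attachment.",
    "the message cannot be represented in 7-bit ascii encoding "
    "and has been sent as a binary attachment.",
)


def triage(raw):
    """Report which of the warning's indicators a raw message matches."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    texts, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode("latin-1"))
    body = " ".join(" ".join(texts).lower().split())  # collapse line wraps
    hits = {"subject": subject in SUBJECTS,
            "body": any(p in body for p in BODY_PHRASES),
            "attachment": bool(attachments)}
    # "hi" or "test" alone is ordinary mail; hold a message only when
    # all three indicators line up.
    hits["quarantine"] = all(hits.values())
    return hits


def build_sample(subject, body, attachment=None):
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```

Because the worm spoofs the sender, the check deliberately ignores the From header and keys on content alone.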
 
sendero Donating Member (1000+ posts) Tue Jan-27-04 09:28 AM
Response to Original message
8. Of course.....
... my poor wife's job as a help desk manager will be hell today. This thing hit her office yesterday afternoon.

NEVER OPEN AN ATTACHMENT UNLESS YOU KNOW WHAT IT IS AND EXPECTED IT.

The fact that so many people still fall for these ridiculous ruses is kinda sad. At my wife's employer, they have training after training session explaining this simple fact, but there is always a dim bulb who does it anyway. They better hope she doesn't figure out they did it :)

sybylla Donating Member (1000+ posts) Tue Jan-27-04 09:53 AM
Response to Reply #8
9. It's not always a matter of falling for it
MonkeySoft's Exploder, at least in previous versions, automatically opens e-mail attachments. For that very reason I refuse to use it and persuade everyone in my family to avoid it. Unless they are militant about their virus definitions and are willing to fork out decent cash for the latest versions, they become susceptible to every new attachment virus.

Instead, my friends and relatives get Netscape or another browser/mail box of their choosing and a list of files to never open - EVER.


yellowcanine Donating Member (1000+ posts) Tue Jan-27-04 11:08 AM
Response to Original message
10. I just erased 3 email messages generated by this worm
The subject line said "Maid Delivery System" - very clever, huh? I knew it was fake because I hadn't sent any messages for a while.

central scrutinizer Donating Member (1000+ posts) Tue Jan-27-04 12:09 PM
Response to Original message
12. 12 copies and counting
All successfully deleted by our anti-virus software. I use a Mac at home so no problem there.