Maker Pro
Maker Pro

New virus/worm to watch out for. High prioirty

P

Product developer

Jan 1, 1970
0
New Worm Spreading Rapidly Across Internet -Experts
Mon January 26, 2004 07:05 PM ET

SAN FRANCISCO (Reuters) - Security experts warned on Monday about a
new virus outbreak that was spreading quickly across the Internet.
The new virus, dubbed MyDoom or Novarg, is a mass-mailing worm that
arrives as an attachment with an .exe, .scr, .zip or .pif extension
and can have a subject line of "test" or "status."

It mails itself out to addresses in the victim's computer and is
clogging mail servers and degrading network performance at companies,
experts said.

"Mailboxes at large corporations are infected and reporting multiple
infections throughout their entire organizations," said David Perry,
global education director at Trend Micro.

The worm was discovered on Monday afternoon and spread so quickly that
Trend Micro, Network Associates, Symantec and other anti-virus
companies were rating it a "high" outbreak.

Security experts said they were still analyzing the virus to discover
what it does to the victim computers.
 
J

John Popelish

Jan 1, 1970
0
Product said:
New Worm Spreading Rapidly Across Internet -Experts
Mon January 26, 2004 07:05 PM ET

SAN FRANCISCO (Reuters) - Security experts warned on Monday about a
new virus outbreak that was spreading quickly across the Internet.
The new virus, dubbed MyDoom or Novarg, is a mass-mailing worm that
arrives as an attachment with an .exe, .scr, .zip or .pif extension
and can have a subject line of "test" or "status."

Somebody with my address has it. I just threw out a dozen copies.
Okay, who opened that file?
 
K

Ken Taylor

Jan 1, 1970
0
John Popelish said:
Somebody with my address has it. I just threw out a dozen copies.
Okay, who opened that file?

Same happened to me about an hour ago. :-(

Symantec have already put out an update.

Ken
 
A

Active8

Jan 1, 1970
0
On 26 Jan 2004 18:03:52 -0800, [email protected] said...
New Worm Spreading Rapidly Across Internet -Experts
Mon January 26, 2004 07:05 PM ET

SAN FRANCISCO (Reuters) - Security experts warned on Monday about a
new virus outbreak that was spreading quickly across the Internet.
The new virus, dubbed MyDoom or Novarg, is a mass-mailing worm that
arrives as an attachment with an .exe, .scr, .zip or .pif extension
and can have a subject line of "test" or "status."

It mails itself out to addresses in the victim's computer and is
clogging mail servers and degrading network performance at companies,
experts said.

"Mailboxes at large corporations are infected and reporting multiple
infections throughout their entire organizations," said David Perry,
global education director at Trend Micro.

The worm was discovered on Monday afternoon and spread so quickly that
Trend Micro, Network Associates, Symantec and other anti-virus
companies were rating it a "high" outbreak.

Security experts said they were still analyzing the virus to discover
what it does to the victim computers.

I got something that says I tried to send one.

****
The following message has been rejected by the Firewall System

because it contained a virus (file.scr W32/Mydoom@MM).
****

It said I tried to send it to vs5 - at - vnet -d.o.t- co -d.o.t- uk
which is a new one on me. Not in my address book/history. Not even
a cookie. Not in the registry, either. Ho hum.

I also got one with a random looking subject line and an attach
called test.zip. I'm thinking the thing mutated after getting my
address from whoever.

My mail client doesn't execute attachments :p
 
T

Tim Dicus

Jan 1, 1970
0
Active8 said:
On 26 Jan 2004 18:03:52 -0800, [email protected] said...

I got something that says I tried to send one.

****
The following message has been rejected by the Firewall System

because it contained a virus (file.scr W32/Mydoom@MM).
****

It said I tried to send it to vs5 - at - vnet -d.o.t- co -d.o.t- uk
which is a new one on me. Not in my address book/history. Not even
a cookie. Not in the registry, either. Ho hum.

I also got one with a random looking subject line and an attach
called test.zip. I'm thinking the thing mutated after getting my
address from whoever.

My mail client doesn't execute attachments :p

Hi Mike,

I get that all the time. My email server has several countries blocked, including Italy (spamafia) and Japan (spamikazi). access.db
is a wonderful tool when used correctly.

The spammers now use my email address as the sender, the return-path, and reply-to in their spam and vengeance/hate mail.

I had one spammer email me and told me I was a "very bad man". In the words of Spehro Pefhany: "Bwahahahah!"

The best way to check is to examine the entire email, including the headers, and see what the originating email server IP was. That
tells the tale! For Outlook Express, it is:
right-click the message to get a drop-down box, then
[Properties][Details][Message Source].

Tim
 
A

Active8

Jan 1, 1970
0
Active8 said:
On 26 Jan 2004 18:03:52 -0800, [email protected] said...

I got something that says I tried to send one.

****
The following message has been rejected by the Firewall System

because it contained a virus (file.scr W32/Mydoom@MM).
****

It said I tried to send it to vs5 - at - vnet -d.o.t- co -d.o.t- uk
which is a new one on me. Not in my address book/history. Not even
a cookie. Not in the registry, either. Ho hum.

I also got one with a random looking subject line and an attach
called test.zip. I'm thinking the thing mutated after getting my
address from whoever.

My mail client doesn't execute attachments :p

Hi Mike,

I get that all the time. My email server has several countries blocked, including Italy (spamafia) and Japan (spamikazi). access.db
is a wonderful tool when used correctly.

The spammers now use my email address as the sender, the return-path, and reply-to in their spam and vengeance/hate mail.

I had one spammer email me and told me I was a "very bad man". In the words of Spehro Pefhany: "Bwahahahah!"

The best way to check is to examine the entire email, including the headers, and see what the originating email server IP was. That
tells the tale! For Outlook Express, it is:
right-click the message to get a drop-down box, then
[Properties][Details][Message Source].

Tim
yeah. I can look at headers in mailwasher, Pegasus, and Dialog. I
just checked the regitry and all to be safe.
 
J

John Woodgate

Jan 1, 1970
0
I read in sci.electronics.design that Active8 <mTHISREMOVEcolasono@earth
link.net> wrote (in <[email protected]>
) about 'New virus/worm to watch out for. High prioirty', on Tue, 27 Jan
2004:
I got something that says I tried to send one.

****
The following message has been rejected by the Firewall System

because it contained a virus (file.scr W32/Mydoom@MM).
****

It said I tried to send it to vs5 - at - vnet -d.o.t- co -d.o.t- uk
which is a new one on me. Not in my address book/history. Not even a
cookie. Not in the registry, either. Ho hum.

It's forging my e-mail address as well. My mail reader is Turnpike,
which is not only rare but has an encrypted address book that PC viruses
can't find.
 
A

Active8

Jan 1, 1970
0
I read in sci.electronics.design that Active8 <mTHISREMOVEcolasono@earth
link.net> wrote (in <[email protected]>
) about 'New virus/worm to watch out for. High prioirty', on Tue, 27 Jan
2004:


It's forging my e-mail address as well. My mail reader is Turnpike,
which is not only rare but has an encrypted address book that PC viruses
can't find.
I remember. I checked out Turnpike and settled on 40tude Dialog for
mail and news. Still migrating. Nice feature that encryption. I
think if Dialog isn't open source if it doesn't have such a
feature, I'll just have to write an address book app that does and
send mail from there.
 
K

Ken Taylor

Jan 1, 1970
0
John Woodgate said:
I read in sci.electronics.design that Active8 <mTHISREMOVEcolasono@earth
link.net> wrote (in <[email protected]>
) about 'New virus/worm to watch out for. High prioirty', on Tue, 27 Jan
2004:


It's forging my e-mail address as well. My mail reader is Turnpike,
which is not only rare but has an encrypted address book that PC viruses
can't find.

Your addresses are just being picked at random out of some infected bunny's
address book. I've received a couple of bounced messages and used the
headers to tell the guy on the next desk to fix his home PC!

Cheers.

Ken
 
Top