DENNISTHEMENACE Posted January 28, 2004

New Virus alert

Mydoom is a worm that spreads over email and Kazaa p2p network. When executed, the worm opens up Windows' Notepad with garbage data in it. In emails, it uses variable subjects, bodies and attachment names.

It also performs a Distributed Denial-of-Service attack on www.sco.com. This attack starts on 1st of February.

The worm opens up a backdoor to infected computers. This is done by planting a new SHIMGAPI.DLL file to system32 directory and launching it as a child process of EXPLORER.EXE.

Mydoom is programmed to stop spreading on February 12th.

Click this link to download the virus fix tool: ftp://ftp.f-secure.com/anti-virus/tools/f-mydoom.zip

Blatman Posted January 28, 2004

From the Symantec web site.....

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates. While the worm will stop spreading on February 12, 2004, the backdoor component will continue to function after this date.

--------------------------------------------------------------------------------
Notes: Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread. Symantec Security Response has developed a removal tool to clean the infections of W32.Novarg.A@mm.
--------------------------------------------------------------------------------

Also Known As: W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]
Type: Worm
Infection Length: 22,528 bytes, variable file size for a .zip attachment
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Dennis. Have you downloaded and opened the zip file you point to? It's an FTP site, and I have a strong suspicion that this may indeed actually be the virus itself, and not a removal tool. There is a removal tool on the Symantec site which you can get by clicking the link above.

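The two indicators named in the posts above (the SHIMGAPI.DLL file in system32 and a listener on TCP 3127 through 3198) can be checked with a short script. This is an added example, not part of any post or vendor tool; the function names and the sample `netstat -an` text are constructed for illustration.

```python
import os
import re

# Values taken from the posts above: backdoor port range and dropped DLL name.
BACKDOOR_PORTS = range(3127, 3199)   # TCP 3127 through 3198 inclusive
DROPPED_DLL = "shimgapi.dll"

# Matches one TCP row of Windows `netstat -an` output.
_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\w+)", re.IGNORECASE)

def backdoor_listeners(netstat_text):
    """Return sorted local TCP ports in the backdoor range that are LISTENING."""
    hits = set()
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        port, state = int(m.group(2)), m.group(3).upper()
        if state == "LISTENING" and port in BACKDOOR_PORTS:
            hits.add(port)
    return sorted(hits)

def find_dropped_dll(system_dir):
    """Return the path of shimgapi.dll in system_dir (any letter case), or None."""
    try:
        names = os.listdir(system_dir)
    except OSError:
        return None  # directory missing or unreadable
    for name in names:
        if name.lower() == DROPPED_DLL:
            return os.path.join(system_dir, name)
    return None

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:3150       10.1.2.3:25            ESTABLISHED
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:3130           *:*
"""

if __name__ == "__main__":
    print("backdoor-range listeners:", backdoor_listeners(SAMPLE_NETSTAT))
    sysdir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    print("dropped DLL:", find_dropped_dll(sysdir))
```

A listener in this range is a lead to investigate rather than proof of infection, since other software can legitimately use those ports.
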
Dave Eastwood (Gadgetman) - Club Chairman Posted January 28, 2004

A client whose mail server we host had 5 emails carrying this little b******* this afternoon; fortunately our AV software nuked the attachments. But the little s*ds writing these really need stringing up.

Dave Eastwood (Gadgetman) - Club Chairman Posted January 28, 2004

> Have you downloaded and opened the zip file you point to? It's an FTP site, and I have a strong suspicion that this may indeed actually be the virus itself

Just put the file on one of our test machines, swept it and didn't find anything. F-Secure are pretty good, but of course the danger is always links to spoofed sites.

Blatman Posted January 28, 2004

I've never heard of F-Secure. Also, I don't think I've ever downloaded any AV software from an FTP site, hence my suspicions. Apologies to Dennis, and thank you Gadgetman.

Nick Algar - Competition Secretary Posted January 28, 2004

> A client whose mail server we host had 5 emails carrying this little b******* this afternoon;

Is that all? I've had about 20 so far. Another one dropped in whilst writing this (how do I know?) Norton's been spotting them. Good old Norton.

Stuart Posted January 28, 2004

I've had it 3 times today, first time ostensibly from our Chief Exec in Australia. First 2 attachments were called 'Test', 3rd time it was called 'Hello'. McAfee got them, though.

chris_p Posted January 28, 2004

Here's quite a good explanation of what it does:

http://www.sophos.com/virusinfo/analyses/w32mydoomb.html

or http://www.sophos.com/ Then navigate from there.

It's about time these virus writers got a life and raced Westfields.

Bob Green Posted January 28, 2004

I use Sophos and have to say it is great. I haven't a clue what it does but junior sorted it for me and I have never had any problems with bugs.

Dave Eastwood (Gadgetman) - Club Chairman Posted January 28, 2004

Another seven arrived this evening; Trend suite filtering them out nicely.

Bananaman Posted January 29, 2004

I've had a load of these over the last couple of days (all identified by Norton, all deleted without opening). If I run an update & scan with my Norton will this sort it out?

Andy

Gonna do it anyway but if it ain't gonna work then further action will be required (TIME TO BACKUP ALL WORK!!!!!!!!!!!!!!!!!!!)

adhawkins Posted January 29, 2004

If you haven't opened them, you don't have the virus, so there's nothing to sort out. You'll keep receiving them whatever you do.

Andy

ACW Posted January 29, 2004

See my rant in other thread 'WSSC Slow'. Please do check for IRC Bots on your machine.

Bananaman Posted January 29, 2004

> Please do check for IRC Bots on your machine.

How?

wrightster Posted January 30, 2004

Daft question probably, but is it best not to open any unusual emails then?
