
New E-Mail Virus Jamming Inboxes


Geneb

Jan 26, 2004, 9:49:30 PM
Off Topic Of BMX,
But this is messing up the bmx internet communications worldwide,
and then some... A HEADS UP TO ALL!

*** New E-Mail Virus Jamming Inboxes ***

WORLDWIDE (AP) -- January 26, 2004
A Category 4 mass-mailing worm discovered today, currently
investigating!
http://securityresponse.symantec.com/avcenter/venc/data/w32.no...@mm.html

A malicious program attached to seemingly innocuous e-mails
was spreading quickly over the Internet on Monday, clogging
network traffic and potentially leaving hackers an open door to
infected personal computers.

The worm, called "Mydoom" or "Novarg" by antivirus companies,
appears to be an e-mail error message. A small file is attached that,
when launched on computers running Microsoft Corp.'s Windows
operating systems, can send out 100 infected e-mail messages in 30
seconds to e-mail addresses stored in the computer's address book
and other documents.

The attack was first noticed Monday afternoon. Within hours,
thousands of e-mails were clogging networks, said Vincent Gullotto,
vice president of Network Associates' antivirus emergency response team.

Besides sending out e-mail, the program appears to open up
a backdoor so that hackers can take over the computer later.

"As far as I can tell right now,
it's pretty much everywhere on the planet," Gullotto said.

Symantec, another antivirus company, also said the worm appeared
to contain a program that logs keystrokes on infected machines.
It could collect username and passwords of unsuspecting users
and distribute them to strangers.

Network Associates did not find the keylogging program.

Symantec also found code that appeared to target The SCO Group Inc.,
which claims some of its intellectual property has ended up in the Linux
operating system and is threatening lawsuits. SCO's Web site, which
has been targeted in the past, was available but sluggish late Monday.

The computer security firm Central Command confirmed
3,800 infections within 45 minutes of initial discovery.

"This has all the characteristics of being the next big one,"
said Steven Sundermeier, Central Command's vice president
of products and services.

Unlike other mass-mailing worms, Mydoom does not attempt to
trick victims by promising nude pictures of celebrities or mimicking
personal notes. Instead, one of its messages reads: "The message
contains Unicode characters and has been sent as a binary attachment."

"Because that sounds like a technical thing, people may be more
apt to think it's legitimate and click on it," said Steve Trilling,
Symantec's senior director of research.

Subject lines also vary. The attachments have ".exe," ".scr,"
".cmd" or ".pif" extensions, and may be compressed as a Zip file.

Microsoft offers a patch of its Outlook e-mail software to warn
users before they open such attachments or prevent them from
opening them altogether. Antivirus software also stops infection.

Christopher Budd, a security program manager with Microsoft,
said the worm does not appear to take advantage of any
Microsoft product vulnerability.

"This is entirely a case of what we would call social engineering
- enticing users to take actions that are not in their best interest,"
he said.

He said the software giant was working with other companies to
learn more about the worm, but that, as of yet, the information
about the worm was still "very spotty." The Redmond, Wash.-based
company was encouraging users to take precautions
such as using an Internet firewall and using up-to-date antivirus
software.

Mydoom isn't the first mass-mailing virus of the year. Earlier this
month, a worm called "Bagle" infected computers but seemed to
die out quickly. So far, it's too early to say whether Mydoom will
continue to be a problem or peter out, experts said.

"Over the next 24 to 48 hours, we'll have a much better sense,"
Trilling said. "Right now, the trend is only up."

For More Information:
http://securityresponse.symantec.com/avcenter/venc/data/w32.no...@mm.html
Symantec -- http://www.symantec.com

Geneb...Wenatchee,Washington-USA
All Things Northwest in BMX!
***** Gene`s BMX *****
http://www.genesbmx.com
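
The attachment criteria quoted in the article (".exe", ".scr", ".cmd" or ".pif" files, possibly wrapped in a Zip archive) can be checked at a mail gateway before delivery. The following is an added example, not part of the original post or of any vendor's product; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article; the zip handling covers the compressed case.
RISKY_EXTENSIONS = (".exe", ".scr", ".cmd", ".pif")


def risky_name(name):
    """True if a file name ends in a listed extension (case-insensitive)."""
    # Win32 path handling drops trailing dots and spaces, so strip them first.
    return name.lower().rstrip(". ").endswith(RISKY_EXTENSIONS)


def screen_message(raw_bytes):
    """Return (attachment name, reason) findings for one raw e-mail message."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if risky_name(name):
            findings.append((name, "executable extension"))
            continue
        payload = part.get_payload(decode=True) or b""
        # Detect archives by content, so a renamed zip is still opened.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                hits = [m for m in archive.namelist() if risky_name(m)]
        except zipfile.BadZipFile:
            findings.append((name, "unreadable zip archive"))
            continue
        findings.extend((name, "zip contains " + m) for m in hits)
    return findings


def build_sample():
    """Constructed sample: harmless bytes named like a .pif inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("document.txt.pif", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

Calling `screen_message(build_sample())` flags the zip attachment because of the `.pif` member and leaves `notes.txt` alone. Archives nested inside archives are not opened.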
