Virus Warning W32/Mydoom.A-mm
Aranyic
Casstown, OH Icrontian
Just a heads up to everyone, a new virus is really getting around (I got 7 emails for it in 4 hours). Norton at least right now does not detect it:
Warning: Mydoom virus spreading rapidly
MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted a high number of copies of a new worm known as W32/Mydoom.A-mm.
Name: W32/Mydoom.A-mm
Number of copies intercepted so far: 165,598
Time & Date first captured: 13.03pm GMT, 26th Jan 04
Origin of first intercepted copy: Russia
W32/Mydoom.A-mm is a mass-mailing worm that attempts to spread via email and by copying itself to any available shared directories used by Kazaa.
The worm harvests addresses from infected machines and targets files with the following extensions:
.wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm, .txt.
W32/Mydoom.A-mm also tries to randomly generate or guess likely email addresses to send itself to.
In addition, initial analysis suggests that Mydoom opens a connection on TCP port 3127, an indication of a remote access component.
Email characteristics:
From: Random, spoofed email address
Subject: Random
Text: Various, including:
· The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
· The message contains Unicode characters and has been sent as a binary attachment.
· Mail transaction failed. Partial message is available.
Attached file: Various,extensions including .exe, .pif, .cmd, .scr. The attachment often arrives in a zip archive, and is also represented by what appears to be a text file icon, but is in fact an executable.
Size: 22,528 bytes
0
Comments
Too bad I don't need to worry
/me pats his powerbook lovingly
Do Macs get many Virus'? I would imagine that as less people use it, then less people make virus for it? Not really herd much about mac virus.....
Norton now DOES detect it (as of just this minuite), only as a varient called NOVARG
http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
That's certainly a good point you make - less people use Macs, therefore there really isn't a market for antivirus software and viruses.
To my knowledge I haven't experienced/heard of any viruses for the Mac although I'm sure there's maybe a couple that exist in its long history.
Norton didn't detect it but it will now.
Yea, I thought that was the case, less people use Macs means less people effected by a mac virus, so less of a 'kick? ( I dont claim to have an insight into the mind of a virus maker...) for the lowlife who wrote it. Is Mac antivirus software not even available? Cant get Mac Norton for example?
Of course those who have a firewall and virus protection dont open attachments that they are unsure of will never get infected
But of course the biggest defence is the user and not even programs or filters. To spread it needs someone to open and run the dam script. The volume of people who open anything and everything they get is crazy!
Everyone who does adds to the problem and so I have no sympathy for them.
1) Install a anti-virus program
2) Check if you know the person sending the file, if not does the attachment and email message tie in with your work ie for me, is it screenshots or a press release?
3) Do not use the address book in outlook
4) Be weary of programs like kazaa
Simple rules will eradicate most outbreaks... but still it seems to spread and spread....
Yea you can get Norton, but apparently McAfee is supposed to be better on the mac.
agreed
Thanx for the heads up
i have a mac.
Nope, it's called 'spoofing'. When the person becomes infected the virus uses names from their address book as the sender (the 'from' field). If the email delivery fails, then it automatically goes back to the sender/from field.
More than likely. Have them run a system scan anyway to be 100% sure.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101034
No, think it's legitimately new. Requires new dat files as well...
It's a bad month for Microsoft!