started getting virus emails yesterday
Tex
Dallas/Ft. Worth
I started receiving a few emails yesterday from people I didn't even know with attachments. I just delete them. This morning I had some bounced back to me saying I had sent them with that attachment. I think it's just changing the name of who sent them and sending from someone else's box actually, as the address it used as my sending address is an old email address I have not used since Comcast bought out AT&T and my email changed six months ago. It still gets forwarded to me but that's not my current email address anywhere in my system, so the virus has infected someone else and is sending stuff as if it's from in their system, it appears.
So watch out guys as it's coming your way.
tex
Comments
Have a look over here http://www.short-media.com/forum/showthread.php?t=9187
Seems a lot of people are getting the same thing.
This thing is hitting in Europe, Eastern Europe, Russia and the far east first. It spreads VERY fast. I got a writeup from Kaspersky Labs yesterday. But, what you got is not necessarily this virus, though given the spread of the other spoofers of mimail kind this is likely to be one that will not be disinfected easily and is likely to spread like wildfire. Link has what is common for this virus, to recognize it in email. BTW, Kaspersky Labs LIKES many free subscribers to their AV Alert list (subscribe box on same page as link in quote), and the core heuristics used are in part licensed from F-Protect, who makes what is also called F-Prot.
John.
They should have fun up there today with 1500 PCs on their network.
Tex
SAME virus, or myphoto.zip attachments??? Several viruses now use that kind of attachment naming, and that photos theme. First mimail hit in June of 2003 that was fairly major (mimail.c) -- mimail.q (which went from NADA three days ago to a class two this AM very early at Symantec) is being compared with Novarg as both similar in some ways now, and enough is becoming apparent that a lot of security folks, me included, think there is a viral authoring group sharing ideas at least if not actively co-operating. They are coming too common and in too many bunches to be otherwise unless they are copying each other. Look up mimail.c, mimail.j, and mimail.q on http://www.viruslist.com/ or Symantec's Security Response area and you will see we have RELATED viruses being developed to be more and more complex. This happened to a degree with Sober also. You are getting related viruses, I THINK, not identical ones.
If you want some interesting (heavy) reading, look up keyword Dumaru at above URL and also MyDoom. We end users are getting attacked by viral group attacks, and timings look coordinated.
Note, anyone with Retail non-Enterprise NAV might want to do an Intelligent Updater pickup, BTW -- their server is busy, expect slower than normal download. The Liveupdate (weekly, Wednesday PM EST normally) will not be out until tomorrow unless Symantec declares a priority viral def update.
ATM, I have gotten major alerts on three viruses from 4 major AV vendors in last 24 hours.
John.
Dexter may have deleted the post.
Did the text of message talk about a Microsoft upgrade??? And say it was from Microsoft??? If not, and you can, tell me the message text and the subject and the header content. I can boolean search-and-match to virus ID with those pieces of info, and there IS a virus that does EXACTLY what I asked first about with a semi-random attachment filename. It DOES activate with a click-on-attachment and is not an autoloader-on-arrival virus.
MICROSOFT DELIBERATELY does NOT use email advisories of updates.
John.
Ok, let me see what the bugger is EXACTLY, and see if Symantec pubbed a fixer\remover if it has been "upgrade" run. If not, no worries.
John.
Fixer here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html
Also look up fixer for Klez.
Recommend F-Prot for AV, or Bitdefender. BOTH have desktop versions, F-Prot trial will kill your Klez and Swen also. It runs on XP and down, comes in US as 10 packs for 50 dollars a year. (singles are $29.95 each, simpler and less RAM hogging GUI than NAV, decent to very good, will need more time to play with it and ICSA test it to say it is great, but the engine is very good)
F-Prot is a coded-in-Iceland product, its heuristics are used in Kaspersky Antivirus also. Available in Windows desktop and Linux and Enterprise and Unix mailscan versions. In US, you can get it at http://www.raeinternet.com/
John.