New computer virus!

Submitted by The Rookie on 01/27/2004. ( NaturesTrophies@aol ) 152.163.253.7

I don't know all the details but thought I would share what I've heard so far. The new virus masks itself as a file the computer can't read. If you should happen to experiance something like this and it seems strange then do be warned! Perhaps someone can elaborate upon this. Jeff F.

Return to The Taxidermy Industry Category Menu


If in doubt,

This response submitted by Glen Conley on 01/27/2004. ( g.conley@verizon.net ) 65.227.21.52

check it out.

An update for today by TrendMicro is WORM MIMAIL.R.

I have a FREE virus scan set up on

www.hidetanning.net

courtesy of TrendMicro. This makes it easy for you folks to remember and find. By all means, take advantage of this service. It's the cheapest computer insurance you can get.

Just enter the above address, scroll down to the Free Virus Scan thingy, click on it, and then follow the instructions. It's pretty easy. One thing I might add, always choose Auto Clean when that option shows up.
Glen


'Mydoom' E-Mail Worm Spreading Fast

This response submitted by Ken Edwards on 01/27/2004. ( ken@taxidermy.net ) 206.134.169.245

I have already recieved 45 copies of this worm in the past 24 hours. It is important to remember that this worm will not infect your computer if you do not open the attachment.

Like other worms, this one "spoofs" the sender's name by gathering emails from recently visited web pages and address books of the infected computers. Many of the worms I have received today have appeared to come from e-mails I recognized within the taxidermy industry.

Although there are new antivirus patches to protect against this new worm, the best defense is simply not to open (double-click on) any attachments, regardless of the sender's name.

The subject of these infected e-mails have been as follows:

Hi
Hello
Mail Delivery Failure
Returend Mail: See Transcript for Details
Error
<no subject>

Here is the latest information from the Associated Press:

'Mydoom' E-Mail Worm Spreading Fast

Tuesday, January 27, 2004
Associated Press

SAN JOSE, Calif.  -  Network administrators were working to stop a fast-spreading e-mail worm that looks like a normal error message but actually contains a malicious program that spreads itself and installs a program that leaves an open door to infected computers.

The worm - called "Mydoom," "Novarg" or "WORM-MIMAIL.R" - was replicating itself so quickly that some corporate networks were clogged with infected traffic within hours of its appearance Monday. Its mail engine could send out 100 infected e-mail messages in 30 seconds, experts said.

It runs on computers running Microsoft Corp.'s Windows operating systems, though other computers were affected by slow network and a flood of bogus messages. About 3,800 infections were confirmed within 45 minutes of its initial discovery, according to the security firm Central Command.

"This has all the characteristics of being the next big one," said Steven Sundermeier, Central Command's vice president of products and services.

It appeared to first target large companies in the United States - and their computers' large address books - and quickly spread internationally, said David Perry, global director of education at the antivirus software firm Trend Micro.

"As far as I can tell right now, it's pretty much everywhere on the planet," said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Instead, one of its messages reads: "The message contains Unicode characters and has been sent as a binary attachment."

"Because that sounds like a technical thing, people may be more apt to think it's legitimate and click on it," said Steve Trilling, senior director of research at the computer security company Symantec.

Subject lines also vary but can include phrases like "Mail Delivery System" and "Mail Transaction Failed." The attachments have ".exe," ".scr," ".cmd" or ".pif" extensions, and may be compressed as a Zip file.

Microsoft offers a patch of its Outlook e-mail software to warn users before they open such attachments or prevent them from opening them altogether. Antivirus software also stops infection.

Christopher Budd, a security program manager with Microsoft, said the worm does not appear to take advantage of any Microsoft product vulnerability.

"This is entirely a case of what we would call social engineering - enticing users to take actions that are not in their best interest," he said.


Removal tools

This response submitted by C. M on 01/27/2004. ( wdecor@juno.com ) 166.90.110.132

Go to downloads and you can download any of the known virus's removal tools free.
http://www.symantec.com/


Thanks Ken!

This response submitted by The Rookie on 01/28/2004. ( ) 152.163.253.34

As usual, excellent info. Jeff F.


I got one yesterday

This response submitted by Vicki Chritton-Myers on 01/28/2004. ( ) 66.82.9.14

mickcham@mindspring.com is where the one I got on 1/27 came from. It said "ERROR" in the subject line. The contents said "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment." It had an attachment to open (which I didn't!).


Return to The Taxidermy Industry Category Menu