Mydoom virus 'biggest in months'


tlr online
27-01-04, 19:30
A computer virus spread via e-mail has been described by security experts as the "largest virus outbreak in months". The malicious worm, called Mydoom or Novarg, has clogged networks and may allow unauthorised access to computers. It arrives as an e-mail attachment in a text file which sends itself out to other e-mail addresses if opened.

Security experts MessageLabs said, at its peak, one in 12 e-mails carried the worm. It has now stopped more than 1.5 million copies of it. It said this latest rapidly-spreading worm is bigger and faster than Sobig.F, the virus which crippled inboxes and networks last August, and it shows little sign of slowing. "Sobig, at its peak, infected one in every 17 e-mails, causing many internet relays to become severely clogged," Mark Sunner, chief technology officer at MessageLabs told BBC News Online. "Mydoom has now surpassed this, infecting an incredible one in every 12 e-mails, and so the impact of this latest virus may be very serious for affected e-mail users."

The virus, which is also spread through file-sharing networks, is particularly malicious because it may open a "back door" to computers. This is a piece of software which is deposited on a computer's hard drive if the attachment is opened. It listens to commands sent remotely over the net and acts on them. Many of the e-mails look like they have been sent from organisations like charities or educational institutions, to fool recipients into opening it. "Mydoom works by harvesting e-mail addresses from the infected computer, and randomly chooses from these the address identified as the next sender," explained Mr Sunner. "The sender is therefore falsified in the Mydoom virus, so it is impossible for the recipient to actually tell where the e-mail has really come from."

Be sure to update your virus software!

www.bbc.co.uk (http://www.bbc.co.uk)

justin
27-01-04, 19:33
*cough* (http://www.tombraiderforums.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=9;t=008862)

justin
27-01-04, 19:36
man this is a big problem... let me read it all this time :bash:

justin
27-01-04, 19:39
Whew, good thing I never open attachments, and Hotmail blocks most of them...

tlr online
27-01-04, 19:43
If any members are infected, download THIS FIX (http://securityresponse.symantec.com/avcenter/FxNovarg.exe) from Symantec.

justin
27-01-04, 19:49
Thanx tlr :smile:

laracroft8290
27-01-04, 19:51
This is what the article over at DSLReports.com said:

MyDoom Spreads Quickly

New worm set to DDOS SCO Group

Clicking along at a faster pace than the "SoBig" worm did, the "Mydoom" virus exploded on Monday and is now making life difficult for many admins, who discuss the spread in our security forum. Apparently the worm's primary goal is to launch a DDOS attack against the SCO Group, an organization that has become public enemy number one to some in the Linux community. SCO has been under fire for its claims that portions of the open-source operating system fall under the company's copyrights (they own rights to the UNIX OS). The worm's mail engine is capable of sending out 100 infected e-mail messages in 30 seconds, which quickly clogged many mail servers over the past 24 hours. The specifics (including common headers) and removal instructions for MyDoom can be found over at SARC.

http://www.dslreports.com/shownews/37874

payload details

[ 27. January 2004, 20:12: Message edited by: laracroft8290 ]

Isabella
27-01-04, 19:53
Thank you for the detailed info. and the links.

tlr online
27-01-04, 20:01
IMPORTANT.

AVERT (emergency response team) has released THIS STINGER SCANNER (http://www.tombraiderforums.com/m/d/stinger.exe) that will scan for 55 of the most virulent email viri (including MyDoom) and remove them if infected. I've uploaded Stinger to our server.

puma
27-01-04, 20:28
What kind of person starts a virus? What do they get out of it? It's very confusing.

NatEcho
27-01-04, 20:35
Thanks tlr! Running it now. :wave:

puma
27-01-04, 20:39
me too!! fingers crossed

Miss60
27-01-04, 20:53
Thanks for the warning tlr and for the stinger :smile:

galaxia2999
27-01-04, 21:02
everyone block all your friends!

justin
27-01-04, 21:08
Originally posted by galaxia2999:
everyone block all your friends!

:tongue:

ELEN
27-01-04, 21:21
Is it a virus day?? I got infected by another virus (W32.Dumaru.Y@mm), but Norton caught it. At least I got rid of it.

SYS
27-01-04, 22:18
...a voice from the darkness.....

I really hate these "virus-seasons". Just today, I got more than 10 virus-warnings into my two mailboxes: they mentioned "W32.Novarg.A@mm", "W32/Mydoom@MM", and "SCO.A" viruses as removed. And this was just a starting-day, I'm afraid...

I remember, last year's summer, when "Sobig" was at its peak, I got more than 200 virus-warning letters - about removed attachments that originally contained a virus - every day! I remember, I got a new one every 3 minutes. And this kept up for at least some days...

It's really disgusting when the garbage is just flowing into your mailbox, whilst you're waiting for important letters from others... It's also disgusting that the virus chooses not only the Recipient but the Sender also from the infected system's Address Book... :( (Hmm, where's an "angry-smiley"? :D )

This is why I really hate them, I've never been infected though... :rolleyes:

SYS "Congratulations Ms Croft. You are positively Amazonian."

[ 27. January 2004, 22:21: Message edited by: SYS ]

croft28
27-01-04, 22:23
Do these people not have anything better to do than create a virus that damages people's computers? :rolleyes:

laracroft8290
28-01-04, 03:39
Click Here (http://www.dslreports.com/shownews/37891) for an update. SCO is apparently offering a reward :bash:

galaxia2999
28-01-04, 22:10
Strange, I've never received any virus emails... guess I'm lucky?

tlr online
28-01-04, 22:19
Very lucky. I've deleted about 50 or so MyDoom-infected emails so far. :(

justin
28-01-04, 22:21
I've been getting at least 10 virus emails a day, all filtered into junk and all permanently blocked by Hotmail.