OT new email worm, story from the AP Jan 27 |
seanery | Jan 27 2004, 08:40 AM | Post #1
E-mail worm spreading fast

Associated Press, January 27, 2004

SAN JOSE, Calif. -- A malicious program attached to seemingly innocuous e-mails was spreading quickly over the Internet on Monday, clogging network traffic and potentially leaving hackers an open door to infected personal computers.

The worm, called "Mydoom" or "Novarg" by antivirus companies, usually appears to be an e-mail error message. A small file is attached that, when launched on computers running Microsoft Corp.'s Windows operating systems, can send out 100 infected e-mail messages in 30 seconds to e-mail addresses stored in the computer's address book and other documents.

The attack was first noticed Monday afternoon. Within hours, thousands of e-mails were clogging networks, said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team. Besides sending out e-mail, the program appears to open up a backdoor so that hackers can take over the computer later.

"As far as I can tell right now, it's pretty much everywhere on the planet," Gullotto said.

Security software experts were scrambling to decrypt the details of the malicious program and were arriving at different conclusions. Symantec, an antivirus company, said the worm appeared to contain a program that logs keystrokes on infected machines. It could collect username and passwords of unsuspecting users and distribute them to strangers. Network Associates did not find the keylogging program.

The worm also appears to deposit its payload into folders open to users of the Kazaa file-sharing network. Remote users who download those files and run them could be infected.

Symantec also found code that would flood The SCO Group Inc.'s Web site with requests in an attempt to crash its server, starting Feb. 1. SCO's site has been targeted in other recent attacks because of its threats to sue users of the Linux operating system in an intellectual property dispute. An SCO spokesman did not return a telephone call for comment Monday.

Overall, the computer security firm Central Command confirmed 3,800 infections within 45 minutes of initial discovery.

"This has all the characteristics of being the next big one," said Steven Sundermeier, Central Command's vice president of products and services.

It appeared to first target large companies in the United States -- and their large address books -- but quickly spread internationally, said David Perry, global director of education at the antivirus software firm Trend Micro.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Instead, one of its messages reads: "The message contains Unicode characters and has been sent as a binary attachment."

"Because that sounds like a technical thing, people may be more apt to think it's legitimate and click on it," said Steve Trilling, Symantec's senior director of research.

Subject lines also vary. The attachments have ".exe," ".scr," ".cmd" or ".pif" extensions, and may be compressed as a Zip file.

Microsoft offers a patch of its Outlook e-mail software to warn users before they open such attachments or prevent them from opening them altogether. Antivirus software also stops infection.

Christopher Budd, a security program manager with Microsoft, said the worm does not appear to take advantage of any Microsoft product vulnerability. "This is entirely a case of what we would call social engineering -- enticing users to take actions that are not in their best interest," he said.

He said the software giant was working with other companies to learn more about the worm, but that, as of yet, the information about the worm was still "very spotty." The Redmond, Wash.-based company was encouraging users to take precautions such as using an Internet firewall and using up-to-date antivirus software.

Mydoom isn't the first mass-mailing virus of the year. Earlier this month, a worm called "Bagle" infected computers but seemed to die out quickly. So far, it's too early to say whether Mydoom will continue to be a problem or peter out, experts said.
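The attachment types named in the article can be screened before a message reaches the user. The following is an added example, not part of the original thread or the AP story: it flags attachments with the listed extensions, including ones packed inside a Zip file. The addresses, subject line, helper names and sample attachments are constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the AP story lists for this worm's attachments.
BLOCKED_EXT = (".exe", ".scr", ".cmd", ".pif")

def is_blocked(name):
    """Match on the final extension, ignoring case and trailing dots/spaces."""
    return name.rstrip(". ").lower().endswith(BLOCKED_EXT)

def risky_attachments(raw_message):
    """Return names of attachments (or 'archive!member') to quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if is_blocked(name):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):  # judge by content, not name
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [f"{name}!{m}" for m in zf.namelist() if is_blocked(m)]
            except zipfile.BadZipFile:
                hits.append(f"{name}!<unreadable zip>")
    return hits

def sample_message(filename, data):
    """Constructed test message; the attachment bytes are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.com"   # constructed address
    msg["To"] = "user@example.com"           # constructed address
    msg["Subject"] = "Mail Delivery System"  # constructed subject
    msg.set_content("The message contains Unicode characters and has been "
                    "sent as a binary attachment.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def sample_zip(member_name):
    """Constructed Zip archive holding one inert member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"inert placeholder, not malware")
    return buf.getvalue()
```

A double extension such as `document.txt.pif` is caught because only the final extension is compared, and a Zip archive is recognised by its content even when the attachment has been renamed.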
SirAndy | Jan 27 2004, 11:38 AM | Post #2
yupp, got it today on one of my "dead" accounts.
looked at it just for fun, not bad for a bored 12 year old from Racine WI. (i'm just guessing here, of course) ...
as always, don't open attachments from people you don't know. ;)
Andy
seanery | Jan 27 2004, 11:41 AM | Post #3
I just got notice that Norton has already updated their virus definitions for this worm, so run live update today and you're covered.
|
SirAndy | Jan 27 2004, 11:54 AM | Post #4
QUOTE(seanery @ Jan 27 2004, 09:41 AM): I just got notice that Norton has already updated their virus definitions for this worm, so run live update today and you're covered.

i know, i know, but in order to examine the virus, i had to trick norton into believing it's just a harmless attachment. ;)
Andy
Downunderman | Jan 27 2004, 11:57 AM | Post #5
I received 3 emails with it at the office yesterday. So did a few of the staff. Nothing opened and no damage done.
|
smrz914 | Jan 27 2004, 04:55 PM | Post #6
So I have a question about these worms and viruses. If your e-mail is through say hotmail can it affect your computer? I don't use any of my e-mail programs on my computer and I don't think I ever will. Of course I don't open any attachments unless I know who it's from and if the person that sent it to me tells me it's there, and I know the file type. I've never gotten a worm/virus (knock on wood) and I only just got a firewall/virus program last August because I was getting DSL connected to my comp. Just wondering.
|
SirAndy | Jan 27 2004, 05:14 PM | Post #7
QUOTE(smrz914 @ Jan 27 2004, 02:55 PM): So I have a question about these worms and viruses. If your e-mail is through say hotmail can it affect your computer?

depends on the virus and how it's programmed. this particular one uses your outlook addressbook to spread itself to everybody in there. others just install a "backdoor" for someone else to hijack your computer (and use it either for free storage or spam-relay). others just get off on deleting your harddrive.

i would NOT recommend relying on your email host (like hotmail) or your provider (wherever you get your DSL from) or a DSL-Router built in Virus Scanner. get some real anti-virus software and install it on your box. (and update it at least once a week!).

also, a firewall DOES NOT protect you from viruses, it protects you from external attacks. problem is, once you got infected with some sort of trojan "backdoor", your firewall is useless cause the virus will initiate the connection from within.

as a golden rule: NEVER open attachments you don't expect, even if they come from trusted sources!
Andy
Gint | Jan 27 2004, 05:37 PM | Post #8
|
smrz914 | Jan 27 2004, 06:07 PM | Post #9
Well i don't have any info in my outlook and I have antivirus software that is up to date. So can I conclude that I am safe? I know i'm not immune I'm sure.
|
SirAndy | Jan 27 2004, 06:11 PM | Post #10
QUOTE(smrz914 @ Jan 27 2004, 04:07 PM): Well i don't have any info in my outlook and I have antivirus software that is up to date. So can I conclude that I am safe? I know i'm not immune I'm sure.

yupp, you might. although i thought i heard that it also installs a backdoor for remote access ... dunno, do a search on symantec's web-site.
Andy
Gint | Jan 27 2004, 07:49 PM | Post #11
Friends don't let friends use outlook! At home anyway.
|
campbellcj | Jan 27 2004, 11:22 PM | Post #12
We got a whole ton of these today.
Be sure to update your virus patterns regularly folks! Trend Micro's automatic update works really well on our network, but it still takes some diligence to check things out periodically and make sure each machine is set up correctly. "Real time" POP3 mail scanners are very helpful too. We have a few machines running Mozilla mail and the pop scanner works just as well as on Outlook. Speaking of Outlook -- the "full" Outlook XP (2002) or 2003 versions seem quite solid to me. It is Outlook Express that is, or at least used to be, pretty scary...and it's on just about every Windows machine in the world by default. |
mikester | Jan 27 2004, 11:26 PM | Post #13
We started getting it late yesterday. The Symantec Anti virus caught it at the mail server - only a few got through. We check for updates to definitions every 6 hours. Might bump it to 3...
|