[HQRP] Fw: [HASLIST] New virus/worm

Pete Abad pabad@swbell.net
Tue, 27 Jan 2004 18:03:23 -0600


This could be serious.

Pete    KD5ELH
----- Original Message -----=20
From: Mark Holdsworth=20
To: haslist@netslyder.net ; NHAC@mail.netslyder.net ; fbac@netslyder.net =
; bnilist@netslyder.net=20
Sent: Tuesday, January 27, 2004 9:52 AM
Subject: [HASLIST] New virus/worm


This is a bad virus/worm so keep an eye out for it and delete it as soon =
as you get it.  Update your anti virus software several times a day =
until this threat is past.  If you do not have up to date anti virus =
software please go out and buy it or shut your computer down.

Mark


update A mass-mailing virus quickly spread through the Internet on =
Monday, compromising computers so that they attack the SCO Group's Web =
server with a flood of data on Feb. 1, according to antivirus companies. =


The virus--known as MyDoom, Novarg and as a variant of the Mimail virus =
by different antivirus companies--arrives in an in-box with one of =
several different random subject lines, such as "Mail Delivery System," =
"Test" or "Mail Transaction Failed." The body of the e-mail contains an =
executable file and a statement such as: "The message contains Unicode =
characters and has been sent as a binary attachment."


In one hour, Network Associates itself received 19,500 e-mails bearing =
the virus from 3,400 unique Internet addresses, Gullotto said. One large =
telecommunications company has already shut down its e-mail gateway to =
stop the virus.=20

Once the virus infects a Windows-running PC, it installs a program that =
allows the computer to be controlled remotely. The program primes the PC =
to send data to the SCO Group's Web server, starting Feb. 1, a virus =
researcher said on the condition of anonymity.=20


The virus also copies itself to the Kazaa download directory on PCs, on =
which the file-sharing program is loaded. The virus camouflages itself, =
using one of seven file names, including Winamp5, RootkitXP, Officecrack =
and Nuke2004. Variations in the body text include: "The message cannot =
be represented in 7-bit ASCII encoding and has been sent as a binary =
attachment."=20

Early data indicated an epidemic several times the size of the Sobig.F =
virus, which caused widespread infections last summer, said Scott Petry, =
a vice president of engineering at e-mail service provider Postini.


--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
---