[OT]New Virus in the wild

8 posts · Jan 27 2004 to Jan 27 2004

From: Alan and Carmel Brain <aebrain@w...>

Date: Tue, 27 Jan 2004 09:03:32 +0800

Subject: Re: [OT]New Virus in the wild

Just to remind people: don't open an attachment if you're not sure that it's
kosher. NO matter who it says it's from.

I've received over 100 e-mail bounce reports from mail supposedly sent
by me, each of which has the MyDoom worm in. This worm spoofs the sender

From: Doug Evans <devans@n...>

Date: Mon, 26 Jan 2004 21:26:47 -0600

Subject: Re: [OT]New Virus in the wild

***
I've received over 100 e-mail bounce reports from mail supposedly sent
by me, each of which has the MyDoom worm in. This worm spoofs the sender
address, and installs Malware that causes it to open an unauthorised
connection on port 3127.
***

Just for clarification, the bounce reports ARE the worm transport, according
to reports I'm seeing. So if you get back a bounce message with an attachment,
DON'T CHECK IT OUT.

Also, please tell me everyone has auto-start/open on attachments is
disabled on everyone's mail client. I suggest disabling Java/Javascript
except by permission, but I'm a nervous nelly...

The_Beast

From: Don M <dmaddox1@h...>

Date: Mon, 26 Jan 2004 21:33:04 -0600

Subject: Re: [OT]New Virus in the wild

Also, please tell me everyone has auto-start/open on attachments is
disabled on everyone's mail client. I suggest disabling Java/Javascript
except by permission, but I'm a nervous nelly...

The_Beast

Cool, I'm not paranoid all by myself then.......)

From: Alan and Carmel Brain <aebrain@w...>

Date: Tue, 27 Jan 2004 11:52:50 +0800

Subject: Re: [OT]New Virus in the wild

> Just for clarification, the bounce reports ARE the worm transport,

From: Alan and Carmel Brain <aebrain@w...>

Date: Tue, 27 Jan 2004 11:59:10 +0800

Subject: Re: [OT]New Virus in the wild

> Just for clarification, the bounce reports ARE the worm transport,

But there's a lot more variants than that.

---------------------------------------------------
E-Mail messages sent by the worm have the following characteristics:

Subjects can be any of the following:

 test
 hi
 hello
 Mail Delivery System
 Mail Transaction Failed
 Server Report
 Status
 Error

Body is one of the following:

 test

 The message cannot be represented in 7-bit ASCII encoding and has been
 sent as a binary attachment.

 The message contains Unicode characters and has been sent as a binary
 attachment.

 Mail transaction failed. Partial message is available.

Attachments are composed combining the following names:

 document
 readme
 doc
 text
 file
 data
 test
 message
 body

with the following extensions:

 pif
 scr
 exe
 cmd
 bat

From: Allan Goodall <agoodall@a...>

Date: Tue, 27 Jan 2004 15:47:23 +0000

Subject: Re: [OT]New Virus in the wild

> Just to remind people : don't open an attachment if you're not sure

We got the warning message at work this morning. It's pretty virulent. It's
apparently set up to send a whole _lot_ of messages as a denial of
service attack on February 1, with a shut down date of February 12. Definitely
make sure the virus checker is up to date. The worm is known as:

W32.Novarg.A@mm
W32/Mydoom@MM
WORM_MIMAIL.R

The extensions on the attachment are .bat, .cmd, .exe, .pif, .scr, or .zip.
It affects only Windows 95 through XP machines.

If you need to send e-mail attachments to someone, send them an e-mail
asking them to let you send it to them. Ask them to include an "okay" phrase
in your e-mail. This should be a non-trivial phrase, maybe even with a short
code word or something. A lot of e-mail programs allow you to filter messages
with attachments. You can trash anything with an attachment except if the
e-mail has your specific "okay" phrase. Is this a bit paranoid? Yes. But
remember, just because you're paranoid doesn't mean they are _not_ out to
get you.
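An added example, written by the editor and not posted by anyone in this thread: the attachment filter Allan describes, combined with the MyDoom subject, body and attachment-name indicators pasted earlier in the thread. The sample messages and the okay phrase "purple elephant" are constructed.

```python
import re
from email import message_from_string
from email.message import Message

# Indicators as listed in the thread (MyDoom/Novarg, January 2004).
WORM_SUBJECTS = {"test", "hi", "hello", "mail delivery system",
                 "mail transaction failed", "server report", "status", "error"}
WORM_BODY = ("7-bit ascii encoding", "contains unicode characters",
             "partial message is available")
WORM_FILE = re.compile(r"^(document|readme|doc|text|file|data|test|message|body)"
                       r"\.(pif|scr|exe|cmd|bat|zip)$", re.IGNORECASE)

def body_text(msg: Message) -> str:
    """Concatenate the text/plain parts that are not themselves attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "ascii", "replace"))
    return "\n".join(chunks)

def attachment_names(msg: Message) -> list:
    """Filenames of every MIME part that carries one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def classify(raw: str, okay_phrase: str) -> str:
    """'worm' if the message fits the MyDoom lure + attachment pattern, 'quarantine'
    for any other attachment without the pre-agreed okay phrase, else 'deliver'."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    body = body_text(msg).lower()
    names = attachment_names(msg)
    lure = subject in WORM_SUBJECTS or any(s in body for s in WORM_BODY)
    if lure and any(WORM_FILE.match(n) for n in names):
        return "worm"            # sender is spoofed, so the phrase alone is not trusted
    if names and okay_phrase.lower() not in body:
        return "quarantine"      # attachment but no okay phrase: trash it unread
    return "deliver"

# Constructed sample: a worm-style "bounce" carrying readme.pif (harmless base64 here).
SAMPLE_WORM = (
    'From: postmaster@example.net\nTo: me@example.org\n'
    'Subject: Mail Transaction Failed\nMIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\n'
    'Content-Type: text/plain\n\nMail transaction failed. Partial message is available.\n'
    '--b1\nContent-Type: application/octet-stream; name="readme.pif"\n'
    'Content-Disposition: attachment; filename="readme.pif"\n'
    'Content-Transfer-Encoding: base64\n\naGVsbG8=\n--b1--\n')

def sample_photo(body: str) -> str:
    """Constructed sample: a family mail with one photo attachment and the given body."""
    return ('From: sister@example.org\nTo: me@example.org\nSubject: kids at the beach\n'
            'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b2"\n\n--b2\n'
            'Content-Type: text/plain\n\n' + body + '\n--b2\n'
            'Content-Type: image/jpeg; name="beach.jpg"\n'
            'Content-Disposition: attachment; filename="beach.jpg"\n'
            'Content-Transfer-Encoding: base64\n\n/9j/4AAQ\n--b2--\n')
```

Run `classify(SAMPLE_WORM, "purple elephant")` to see the bounce flagged as the worm, while the photo mail is delivered only when its body contains the phrase.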

From: Roger Burton West <roger@f...>

Date: Tue, 27 Jan 2004 15:52:18 +0000

Subject: Re: [OT]New Virus in the wild

> On Tue, Jan 27, 2004 at 03:47:23PM +0000, agoodall@att.net wrote:

It's _much_ better to put the attached item on a private web or ftp
server instead - encoding an item for email transfer increases the size
by 33%, and by your separating the large component the recipient can
_choose_ whether and when to examine it.

From: Allan Goodall <agoodall@a...>

Date: Tue, 27 Jan 2004 16:13:21 +0000

Subject: Re: [OT]New Virus in the wild

> It's _much_ better to put the attached item on a private web or ftp

Yes, definitely, though it assumes that you have a private web site available,
and that the person on the other end knows how to use it. When it comes to
sending pictures of the kids to the in-laws, it's sometimes easier to send it
as an attachment.

However, I much prefer grabbing the attachment off the web myself. My home
connection is still dial-up and slow. I'd rather someone tell me where
to get the attachment than have to wait for it to download as part of my
e-mail.