Computer Virus Alert
Users browsing this topic:0 Registered, 0 Hidden and 0 Guests
Registered Users: None |
 |
| View previous topic :: View next topic |
| Author |
Message |
Joel 
Joined: 23 Mar 1999
Location: Mornington Peninsula
|
| Post subject: Computer Virus Alert |  |
|
W32.Novarg.A@mm
Discovered on: January 26, 2004
Also known as: W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]
http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
| Quote: | W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
There is a 25% chance that a computer infected by the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass-mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date. |
More info at that site. If anyone receives this email as described on that page, please do not open the file attachment. As a rule, file attachments sent from people you don't know should not be opened, and all file attachments should be checked for viruses before opening. |
|
|
|
 |
Joel
Joined: 23 Mar 1999
Location: Mornington Peninsula
|
| Post subject: | |
|
FBI probes new internet virus
http://news.ninemsn.com.au/Sci_Tech/story_54638.asp
| Quote: | AFP - The FBI is launching a probe into the MyDoom internet virus that is spreading rapidly and clogging computer networks around the world.
"We are aware of it and we are actively investigating," FBI spokesman Paul Bresson said.
The FBI last year arrested at least two individuals believed responsible for the "Blaster" virus that created havoc on the internet.
For the new virus, Bresson said, "We have not done a full assessment, but it's serious enough to warrant the FBI to look into this."
More than one million copies of the virus had been intercepted so far, according to the security firm MessageLabs, which said the first copies detected were from Russia. |
|
|
|
|
|
Joel
Joined: 23 Mar 1999
Location: Mornington Peninsula
|
| Post subject: | |
|
Mydoom.B has flaws: experts
http://news.ninemsn.com.au/Sci_Tech/story_54668.asp
| Quote: | AFP - As the Mydoom computer worm continued to clog up the internet, its successor Mydoom.B was not spreading as violently as feared, security experts pointing to design flaws in the latest version of the bug.
"Over 40 per cent of the internet traffic now consists of infected emails generated by the first Mydoom virus, and it's still spreading," Mikko Hyppoenen, of the Finnish anti-virus firm F-Secure, told AFP.
"It's levelling off slowly however, and it's less visible to the end user, but ISPs (internet service providers) still face problems with the email loads."
The Mydoom bugs are worms, a subgroup of computer viruses characterised by the fact that they spread independently through email, Hyppoenen said.
The Russian security firm Kaspersky Lab said that Mydoom.B was being propagated by the 600,000 or so computers that were infected by Mydoom.A.
The new Mydoom strain, was expected to overtake the first version since it builds on its predecessor's features and added some extra ones as well, but this did not happen, analysts said.
Further testing showed however that there were some programming flaws with the latest version, proving it was not nearly as virulent as initially thought.
"It's in the wild, but it's not spreading nearly as high as everybody expected," Hyppoenen noted.
"Our best bet is that there are some bugs in the virus' computer code that we have not been able to find yet."
A computer virus carries many parts, and some are intentionally encrypted by their authors, making it very difficult to know in detail how they actually work.
To detect and stop a bug however, a virus cracker just needs to find one special characteristic of the virus to be able to write software identifying and eliminating it.
Experts said they were expecting a new version of the Mydoom worm to appear at any time, correcting the flaws of the latest versions.
"It's quite likely that we will have a new version soon, there is nothing holding the creator back, especially since the B version did not turn out to be that successful," Hyppoenen said.
In 2003, many of the Sobig family of viruses turned out to be increasingly violent, with the latest F version in August generating 300 million infected emails in a week, while other strains were not successful at all.
Since Mydoom.A was detected on Monday night it has clogged the internet by sending hundred of millions of infected emails throughout the world.
But ironically, the success of Mydoom.A could curb the pace of proliferation of its successors, as it has severely slowed down the internet and corporate computer networks, causing huge delays in the delivery of emails.
The Mydoom bugs were not believed to impair the normal functioning of computers, and most end users would not even notice that their machines had been infected, experts said.
Most of the emails generated by the Mydoom viruses will never reach their destinations however, having been stopped by the anti-virus protection of corporate computer networks, analysts said.
The proliferation of the first variant was however levelling out, experts noted, as many computer users had updated their anti-virus software.
While the first virus was designed to attack the website of Utah-based software vendor SCO on Sunday, the new version also launches an assault on Microsoft's page www.microsoft.com, virus crackers said.
These attacks might just be diversions from the bugs' real purpose of infecting computers and opening backdoors on them, enabling their creator to access the machines from a distance, possibly to relay spam, experts warned.
Mydoom spreads through email attachments and downloads from the popular Kazaa file-sharing service, which lets internet surfers share content such as games, movies and music with each other for free. |
|
|
|
|
|
The Prototype 
Paint my face with a good-for-nothin smile.
Joined: 23 Apr 2003
Location: Hobart, Tasmania
|
|
|
|
|
Daks 
Joined: 19 Aug 2003
Location: Melbourne.
|
| Post subject: | |
|
my computer hasnt come across it at all and i havn't recieved any suspicious emails containing the virus. is this unusual?, is there a chance i wont come across it at all?
_________________
Nelly the cow is a beautiful cow
She moos, and moos and chews on grass.
© Daks 2006 |
|
|
|
|
punkologist 
Barwick goals, the pies are home!
Joined: 07 Jul 2003
Location: Level 2 Ponsford Stand
|
| Post subject: | |
|
I work for an ISP and these virus cause us huge amounts of extra work.
I HATE VIRUSES!!!
Please everyone keep your antivirus software updated. |
|
|
|
|
Joel
Joined: 23 Mar 1999
Location: Mornington Peninsula
|
| Post subject: | |
|
| ...and don't open attachments unless you have scanned them for viruses, or you are expecting the file. If people didn't do that then this type of virus wouldn't spread as much. |
|
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
|
The Rules
FAQ
Usergroups
Calendar
Search
Log in
Register
