Tuesday, February 07, 2012
  Viruswarn Forums
Subject: Yet another MY-DOOM variant

Lee Drake
Posts:238

08/15/2004 5:29 PM  
What it is

Looks like yet another variation of the MyDoom virus (versions MyDoom.M and MyDoom.O) is spreading again. Like all the other versions of MyDoom this one disguises itself as a bounced email or a corporate missive saying that "You may be infected with a virus". The attached file IS the virus. Some versions have .ZIP extensions (which can be opened) and some have .EXE extensions (which in a properly configured system cannot be opened).

The unusual thing about this version is that it actually has a smart engine that, once it discovers an email address in your address book, takes the @companyname.com part and does a Google, Yahoo, AltaVista or Lycos search for that company name and tries to find other email addresses using outside resources (instead of just your own address book). This allows the virus to more easily spread to others in companies that you have in your address book. It also means that even more people will eventually get a copy of the virus. As far as we know this is one of the first viruses to search on-line for additional email addresses to send infections to. If you're listed anywhere in those search engines you're likely to get a copy or three of this - even if you've been isolated in the past.

The virus submits so many searches in such a short time that it's (perhaps inadvertently) creating a Denial of Service attack on the search engines listed above, and potentially slowing down performance on other machines on the same internet segment or email server.

What should I do

Virus Signature updates today from both McAfee and Norton detect and purge this virus. Since it relies on you either opening an executable attachment or unzipping and running one, common sense pretty much will stop this bug in its tracks. If you get an infection you can use antivirus vendor provided tools to remove it. Look on your network for high rates of usage when nothing else is going on - or significant slowdowns in network speed.

As usual be sure that you don't open attachments that you're not expecting, and keep your system patched and up to date. Be sure to run Antivirus software at all times and update daily. Filter email with .EXE extensions directly (i.e., delete them unopened) and be careful with files with ZIP extensions: examine the contents of the zip file to be sure there aren't executable programs inside it.

Additional Resources

CNet News Article: http://news.com.com/MyDoom+variant+slams+mailboxes%2C+search+engines/2100-7349-5283940.html?part=dht&tag=ntop
Symantec Security Response: http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html (includes a complete manual removal process)
McAfee: http://vil.nai.com/vil/content/v_127033.htm
McAfee Stinger removal tool: http://vil.nai.com/vil/stinger/

This concludes this viruswarning notice,
Cheers,
Lee
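The attachment checks recommended in the post above (drop .EXE attachments, look inside ZIP files for executables), as an added example that is not part of the original post. The function names, the sample messages and every extension in the list other than .exe are assumptions made for this illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the post names only .EXE; the other extensions are illustrative.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def is_blocked(name):
    # Compare the final extension, ignoring case and trailing dots or spaces.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def scan_message(raw_bytes):
    """Return (attachment name, reason) findings for one raw mail message."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_blocked(name):
            findings.append((name, "executable attachment"))
        elif data[:2] == b"PK":  # ZIP magic bytes; do not trust the file name
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if is_blocked(member):
                            findings.append((name, "zip contains " + member))
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip"))
    return findings

def sample_zip(member_name):
    """Constructed sample: a ZIP holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a program")
    return buf.getvalue()

def build_sample(filename, payload):
    """Constructed sample: a bounce-style message with one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Mail delivery failed"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A mail filter would quarantine or delete any message for which `scan_message` returns a non-empty list.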