Full Disclosure mailing list archives

Re: MyDoom download info


From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 13 Feb 2004 11:11:23 -0600 (CST)


February 12, The Register (UK) - Nachi variant wipes MyDoom from PCs. A new
variant of the Nachi worm which attempts to cleanse computers infected by
MyDoom and download Microsoft security patches to unprotected computers
arrived on the Internet Thursday, February 12. Nachi.B (also called Welchi)
uses the same security vulnerability exploited by the Blaster worm to
spread. Once it infects target machines the worm attempts to search and
destroy any traces of MyDoom infection -- before downloading patches for
the Microsoft vulnerability it used to infect the system in the first
place. The scanning traffic generated by the original Nachi worm in August
2003 caused huge problems. Anti-virus vendors fear a repeat performance
this time around. This concern is compounded by the plethora of new
viruses released in recent days. As well as the Doomjuice worms (which
target Microsoft's Website in DDoS attacks), we have MyDoom and variants
and now a Nachi variant. Thursday also saw the arrival of a Trojan, called
Mitglieder.H, with the ability to spread to computers infected with the
MyDoom.A worm.
Source: http://www.theregister.co.uk/content/56/35524.html

Thanks,

Ron DuFresne

On Fri, 6 Feb 2004, B$H wrote:

Hi all!
I've heard about a tool that disinfects the mydoomed system remotely. Do you
know anything about it?

B$


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
