Security Basics mailing list archives
FW: New Email Worm threat - a.k.a. Mydoom, Novarg, Shimg
From: "Gary Hewitt" <ghewitt () scan-america com>
Date: Wed, 28 Jan 2004 12:49:57 -0600
Shawn -

At the risk of sending info you already have - here is a URL with details on the Mydoom worm and its variants.

http://www.lavasoftsupport.com/index.php?showtopic=18480&st=0

I just sent the HTML version of this to my users. It is from one of the anti-spyware vendors. I changed it to text-only for this list but the HTML form is much easier to read.

Note especially the various Subject lines below and the file-type of attachments, so you can recognize them.

Gary M Hewitt
Scan America
Brookfield, WI
ghewitt () scan-america com

============================================================================

Win32.MMail.A continues its spread across the internet. Here's some further information.

Discovered January 26, 2004 at 6:06PM EST
Detected January 26, 2004 at 7:49PM EST
Added to referencefile 252 (01R252 27.01.2004)

Also Known As: W32.Novarg.A@mm, W32.Mydoom@MM, W32.Shimg, WORM_MIMAIL.R

Worm emails itself to data-mined email addresses. The recipient will receive an email with various Subjects, including:

Hi Hello Error MAIL DELIVERY SYSTEM Mail Transaction Failed Returned Mail: Response Error Server Report Test

An attachment (the worm) is included using the file extension .exe, .pif, .zip, and .scr. Filenames include body, document, file, message, test, and text.

Upon execution, it will drop taskmon.exe and shimgapi.dll in the %system% folder, and set taskmon.exe to autostart in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run subkey.

If you receive this email, do not open it. Immediately delete the email, download the latest referencefile (01R252 27.01.2004 at the time of this writing) and perform a full system scan as shown by the settings here:

Lavasoft Help & Support How To: Perform a "Full Scan" with Ad-aware
http://www.lavahelp.com/howto/fullscan/
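A mail-gateway style check for the attachment base names and extensions listed in the advisory above, as an added example that is not part of the original post or the vendor's advisory. The function names and the sample messages are constructed for illustration, and the attachment payloads are inert bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Attachment base names and extensions taken from the advisory text above.
WORM_STEMS = {"body", "document", "file", "message", "test", "text"}
WORM_EXTS = {".exe", ".pif", ".zip", ".scr"}


def suspicious_attachments(raw: bytes) -> list[str]:
    """Return attachment filenames matching the advisory's name/extension lists."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        # Keep only the last path component and compare case-insensitively.
        leaf = PurePosixPath(name.replace("\\", "/")).name.strip().lower()
        path = PurePosixPath(leaf)
        if path.suffix in WORM_EXTS and path.stem in WORM_STEMS:
            hits.append(name)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message (not a real sample) with an inert attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(b"inert", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [("Test", "document.pif"), ("Hello", "MESSAGE.ZIP"),
               ("Q4 report", "report.pdf")]
    for subject, filename in samples:
        flagged = suspicious_attachments(build_sample(subject, filename))
        print(f"{filename}: {'quarantine' if flagged else 'pass'}")
```

The check matches on attachment name only, so a benign file such as test.zip is flagged as well; treat a hit as a reason to quarantine and scan, not as a verdict.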