Security Incidents mailing list archives
Fw: Anyome else seeing a rise in Mydoom Viruses over email?
From: "Henrique Cabral" <henrique.cabral () netc pt>
Date: Tue, 27 Jan 2004 19:05:41 -0000
The W32/MyDoom.A worm has already reached red alert status according to Panda Software. This worm is extremely fast spreading and causes high damage, which makes it as serious as Bugbear and Blaster. It forwards itself to all the addresses found in the affected computers and comes via an e-mail message with an attached file. It uses social engineering techniques to cheat the user, making him think that he is supposed to open the file. This worm also opens TCP port 3127 in the infected computer, allowing remote control of it.

The message content changes, and may be composed of the following sentences:

Subject:
  test
  hi
  hello
  Mail Delivery System
  Mail Transaction Failed
  Server Report
  Status
  Error

Body:
  Mail Transaction Failed. Partial message is available.
  The message contains Unicode characters and has been sent as a binary attachment.
  The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment

Attached file name:
  document
  readme
  doc
  text
  file
  data
  test
  message
  body

File extension:
  .pif
  .scr
  .exe
  .cmd
  .bat
  .zip

Once the worm has infected the computer, it then searches for the peer-to-peer file sharing network KaZaa. If KaZaa is detected, a file is copied to the shared folder, allowing its distribution via this peer-to-peer system. The filename may be one of the following:

  winamp5
  icq2004-final
  activation_crack
  strip-girl-2.0bdcom_patches
  rootkitXP
  office_crack
  nuke2004

with a .PIF, .SCR or .BAT extension.

A free disinfection tool is available at http://www.pandasoftware.com/download/utilities/. You will just have to make an account on the site.

----- Original Message -----
From: "Nigel Frankcom" <nigel () blue-canoe net>
To: <incidents () securityfocus com>
Sent: Tuesday, January 27, 2004 12:03 AM
Subject: Anyome else seeing a rise in Mydoom Viruses over email?

Hi All,

Over the last 2 hours our mail servers have seen a dramatic rise in Mydoom virus emails.

So far neither Panda nor McAfee are detecting it - though the following Content Filter is working for us:

*C_o_n_tent-Transfer-Encoding: 7bit* (remove _'s)

Subject seems to morph as each new wave is released. Most connections *seem* to be from private machines. Numbers are rising.

Regards

Nigel
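The subject, attachment-name and extension lists in the message above can be turned into a simple mail triage check. The following is an added example, not part of the original posts; the function names, the scoring fields and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator lists copied from the forwarded advisory text above.
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
ATTACH_NAMES = {"document", "readme", "doc", "text", "file",
                "data", "test", "message", "body"}
ATTACH_EXTS = {".pif", ".scr", ".exe", ".cmd", ".bat", ".zip"}


def score_message(raw: bytes) -> dict:
    """Report which of the listed indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    hits = {"subject": subject in SUBJECTS, "attachments": []}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        # Split on the last dot so "readme.txt.scr" is judged by ".scr".
        stem, dot, ext = name.rpartition(".")
        if dot + ext in ATTACH_EXTS:
            hits["attachments"].append(
                {"name": name, "known_stem": stem in ATTACH_NAMES})
    # Broad flag: any attachment with a listed extension.
    hits["suspicious"] = bool(hits["attachments"])
    # Narrow flag: listed subject plus a listed name/extension pair.
    hits["strong_match"] = hits["subject"] and any(
        a["known_stem"] for a in hits["attachments"])
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message with harmless placeholder attachment bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Mail Transaction Failed. Partial message is available.")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Mail Delivery System", "document.pif"),
                        ("hi", "Notes.SCR"), ("Quarterly numbers", "report.pdf")]:
        print(subj, fname, score_message(build_sample(subj, fname)))
```

The broad "suspicious" flag will also fire on legitimate .zip and .exe attachments, so it suits quarantine-and-review; "strong_match" is the narrower signal for this specific wave.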