MrRant 0 Report post Posted January 26, 2004 http://vil.nai.com/vil/content/v_100983.htm#Symptoms Spreading fast via e-mail and Kazaa. Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 26, 2004 Also... it is not entirely know what this thing does. But it is spreading FAST. Share this post Link to post Share on other sites
NoCalMike 0 Report post Posted January 26, 2004 what will zone alarm do to detect this? As long as I recognize this in an email I should be fine right? Oh and watching what the hell I do on kazaa...... Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 26, 2004 ZA wouldn't detect it. Anti-virus should detect it but it was just detected and the definitions may not be out yet so I would try updating your definitions. Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 26, 2004 Also this would be good time to refer people to the thread pinned at the top of this folder if they are not currently running an Anti Virus as there are a couple free ones there. Share this post Link to post Share on other sites
Bruiser Chong 0 Report post Posted January 27, 2004 So would you suggest not using Kazaa at the moment? I'm running an anti-virus program, but sure as hell don't want to go through another virus like this past summer. Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 27, 2004 Well... its certain files it's trying to put in there if you look at the posts. Basically it will turn your computer into a zombie to send out massive amounts of e-mail as well as at some point participate in a Denial of Service attack against SCO.com Share this post Link to post Share on other sites
Red Baron 0 Report post Posted January 27, 2004 Kazaa or Kazaa lite? Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 27, 2004 Probably both. Not sure. Share this post Link to post Share on other sites
Mole 0 Report post Posted January 27, 2004 Other than Kazaa, you have to be a dumb shit to download something from an e-mail, especailly if it's spam. Share this post Link to post Share on other sites
Renegade 0 Report post Posted January 27, 2004 So as long as you have Kazzaa open you could get it? Edit: I checked my shared folder, dont seem to have any of the files mentioned. I wont be using Kazzaa for a while. Share this post Link to post Share on other sites
Guest El Satanico Report post Posted January 27, 2004 It only affects Kazaa if it's running right? Share this post Link to post Share on other sites
Eclipse 0 Report post Posted January 27, 2004 Good thing I don't use ol' Kazaa anymore... Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 27, 2004 It only affects Kazaa if it's running right? It looks for the Kazaa folder. I wouldn't spread unless it's running if that is what you mean. Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 27, 2004 Mydoom, a new computer virus spreading by e-mail, is breaking records for new infections, antivirus vendors and security companies say. Infected e-mail messages carrying the Mydoom virus, also known as "Shimgapi" and "Novarg," have been intercepted from over 142 countries and now account for one in every 12 e-mail messages, according to Mark Sunner, chief technology officer at e-mail security company MessageLabs. That surpasses the Sobig.F virus record, which appeared last August and, at its peak, was found in one of every 17 messages intercepted by MessageLabs, he says. Since first detecting the new virus at 1:00 PM GMT on Monday, MessageLabs intercepted almost 1 million infected e-mail messages carrying the virus, Sunner says. The virus has "followed the sun," hitting hard in the U.S. and Canada late on Monday, then working its way through Asia and Europe on Tuesday, he says. F-Secure of Helsinki estimates that around 100,000 computers have been infected with Mydoom so far, says Mikko Hypponen, manager of antivirus research at F-Secure. Antivirus experts expect another large wave of infections in the U.S. and Canada on Tuesday morning, as workers who missed the virus late Monday return to their desks, he says. Tech Talk The worm arrives as a file attachment in an e-mail with a variety of senders and subjects, such as "Hello," and "test." The message body is often technical sounding, imitating the look and feel of an automatically generated message from an e-mail server, Sunner says. For example, some e-mail messages telling recipients that "the message contains unicode characters and has been sent as a binary attachment," or "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment." Users who click on the attachment, which uses a variety of file extensions such as ZIP, SCR, EXE, and PIF, are infected with the virus. The technical pitch is a new twist on so-called "social engineering" techniques used by virus writers to trick users into opening malicious file attachments. Mydoom's authors may have been counting on the fact that people trust the authenticity of computer generated messages more than those purporting to come from other humans, Sunner says. Mimicking the language of a computer-generated administrative message may have also helped Mydoom spread within large corporations, where employees are used to receiving such messages from administrative systems, according to David Perry, public education director at antivirus company Trend Micro. Going to Work Trend Micro saw evidence on Monday of infections from 12 of the Fortune 100 companies, he says. Once inside such companies, Mydoom could use the enormous bandwidth of those corporate networks and huge e-mail address books as a "springboard" to the rest of the Internet, Perry says. While Mydoom has shattered Sobig.F records, in many ways the two viruses are the same, antivirus experts agree. Both viruses scan infected computers for e-mail addresses that are then targeted by infected e-mail. Also, both Sobig.F and Mydoom are small and contain highly efficient SMTP engines for sending out copies of themselves. The efficiency of their mail engines means that even a small number of infections can generate a massive amount of e-mail traffic, Hypponen says. Finally, both Sobig.F and Mydoom contain a Trojan horse program that gives remote attackers full control of the infected system, he says. In the case of Sobig.F, experts theorized that the virus was being used to assemble "zombie" networks of machines for distributing spam e-mail. A similar motive may be behind Mydoom, though the virus writer's intentions are not yet clear, says Perry. http://story.news.yahoo.com/news?tmpl=stor..._pcworld/114461 Share this post Link to post Share on other sites
Guest Frank_Nabbit Report post Posted January 27, 2004 I don't have Kazaa, but I've had 2 of my email accounts get this virus Share this post Link to post Share on other sites
Guest mesepher Report post Posted January 27, 2004 or if you run a version of Linux, BSD or Solaris... Share this post Link to post Share on other sites
MarvinisaLunatic 0 Report post Posted January 28, 2004 Do a news search if you want the full details, but SCO is offering $250,000 for info leading to the arrest of the creator of this virus. Share this post Link to post Share on other sites
Guest mesepher Report post Posted January 28, 2004 Do a news search if you want the full details, but SCO is offering $250,000 for info leading to the arrest of the creator of this virus. those dickheads would.. SCO deserves everything they get hit with, the Imperical, money hungry bastards Share this post Link to post Share on other sites
Perfxion 0 Report post Posted January 28, 2004 Say what you want about them, but the fact that MILLIONS OF OTHERS are getting hit too kind takes away at the "Stick it to the man" bullshit. I am glad I got rid of Kazaa on Suday. Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 28, 2004 The new variant (Mydoom.b) is set to attack MS as well. And all the e-mail flooding ruins things for everyone with increased latency throughout the internet. Share this post Link to post Share on other sites
Guest mesepher Report post Posted January 28, 2004 Say what you want about them, but the fact that MILLIONS OF OTHERS are getting hit too kind takes away at the "Stick it to the man" bullshit. I refer you to this: http://action.eff.org/action/index.asp?step=2&item=2775 which should explain why SCO deserves everything they get. As far as MILLIONS~! of people getting hit by this, viruses ARE avoidable. There are alternatives to the Windoze OS, people... and if you're gung ho on running windoze, there are alternatives (which are often times better) to every stinking MS product out there. Share this post Link to post Share on other sites
IllustriousOne 0 Report post Posted January 28, 2004 I've been getting TONS of email spam with this shit in it. If you update your definitions, it WILL pick it up. I've had no problems with it so far, other than the annoyance of having to delete the emails that Norton kills. Share this post Link to post Share on other sites
Guest El Satanico Report post Posted January 28, 2004 I was about to comment on Norton being on top of it and killing the virus before it even gets to the inbox. It completely removes the chance for you to infect yourself. Share this post Link to post Share on other sites
Ravenbomb 0 Report post Posted January 29, 2004 so Soulseek is fine? Share this post Link to post Share on other sites
MrRant 0 Report post Posted January 29, 2004 Blame Spammers? A new computer worm called MyDoom is spreading in the United States and abroad at a frightening rate. But that's not the really scary news. What worries computer experts the most is the fact that MyDoom is an example of a new breed of professionally created worms that are more difficult to detect and move faster. These better-built worms also are used by criminals to turn a profit. Experts say the creation of MyDoom was almost certainly funded by e-mail spammers. The worm takes possession of a computer -- either at a home or one used in business -- and turns the machine into a remotely controlled robot programmed to send spam e-mail messages. With hundreds of thousands of these zombie computers sending spam, the chances of shutting down the flow are almost zero. While the inner workings of the worm aren't a strong departure from earlier ones, the fact that it was professionally created with a criminal profit motive is a big shift. Instead of sloppily made worms from amateurs, professional software writers -- motivated by money -- can create worms that will spread faster and work more efficiently, said Roger Thompson, director of malicious-code research for TruSecure, a Herndon, Va.-based anti-virus firm. "I don't think the worm is especially sophisticated, but the overall plot is very sophisticated," said Thompson. "The plot is to prepare a bunch of machines to send out spam, to own more and more computers that can do that." "Yeah, it definitely has ties to spammers," said Neel Mehta, a computer scientist with Atlanta-based Internet Security Systems. Nor is there any question that MyDoom spread like wildfire. Medina, Ohio-based Central Command, which sells anti-virus software, said the worm multiplied so quickly that, for a time, one of every nine e-mails was infected. Atlanta-based EarthLink, which has more than 5 million Internet customers, said the worm created massive volumes of e-mail on its system. At 2 a.m. Tuesday, normally a slack time, e-mail traffic was equivalent to what "we'd expect during midday," said Dave Blumenthal, a company spokesman. As if the news wasn't bad enough, there is a general suspicion the worm may contain what computer scientists call a keystroke-logger program. If that's true, the creator of the worm can monitor every keystroke made on every infected computer not protected by a firewall program. That provides access to everything typed, including credit card numbers and passwords. "I think there is a link to organized crime," Thompson said. "I don't have any proof of that, but it could easily be. It could be harvesting credit card numbers ... or bank account log-ins." Mehta said while he had seen reports the worm contained a keystroke logger, he could not confirm them. He said computers equipped with a firewall program should be safe because the anti-hacker software would intercept and stop the remote prying. MyDoom's professional touch can be seen in the way the e-mail induces the recipient to open the attachment carrying the infection. Earlier amateur-built worms promised naked pictures and the like. MyDoom looks like an official e-mail error message you might get if an e-mail failed to transmit properly. Even worm-smart users could be fooled, said Mehta. Once that attachment is opened, it hijacks e-mail addresses stored in infected computers. It then e-mails copies of itself using one of those names as the sender. So an infected e-mail could look like a message from a friend or relative. Since it appears to be the report of a failed e-mail message, many users may be eager to open the attachment to see which message failed. The text for some of those messages seems properly technical. One says: "The message contains Unicode characters and has been sent as a binary attachment." The professionalism of all that has Thompson worried. He foresees a new generation of worm creators who are better educated and more skilled. "Most worm writers grow up and get a girlfriend, a job and then stop," he said. "If there is a profit motive involved, I would expect the acts to continue." As professionals take charge, the construction of the worms themselves is likely to improve, making it more difficult to stop them. Mehta said professionally created worms such as MyDoom -- also known as Novarg -- have "more features ... they have more code to them, and the code is generally of better quality." He added, "It's not the first to have ties to professional writers, but until about a year ago we didn't see worms that were tied to professionals." While any fast-spreading worm causes congestion for computer networks inside businesses and on the Internet itself, that is a byproduct of MyDoom but not the intent, Thompson said. "Professional hackers are getting more into this," said Mehta. "We are now seeing worms that are designed with a purpose." Both Internet Security Systems and EarthLink believe the peak of e-mail from the worm came Monday and early Tuesday morning and that volume is now on the decline. http://www.ajc.com/business/content/busine...104/28worm.html Share this post Link to post Share on other sites
MarvinisaLunatic 0 Report post Posted January 30, 2004 Microsoft is offering $250,000 as well, but for the variant Mydoom.B version. Also, I got a fake pop up saying my computer was infected with the virus, and it said "Click yes to sanitize". Uh huh. I cliked cancel since there was no other way to get rid of it (it didn't even show up as a window in the toolbar). Share this post Link to post Share on other sites
BifEverchad 0 Report post Posted January 30, 2004 So, now that everyone seems to be walking away from Kazaa(Lite), where does everyone go? SoulSeek? Share this post Link to post Share on other sites
Lando Griffin 0 Report post Posted January 30, 2004 So this is basically another one of those viruses you get and spread if you are a total idiot? Share this post Link to post Share on other sites
Guest El Satanico Report post Posted January 30, 2004 Well if you're solely a home computer user, then yes you'd have to be an idiot to get infected. This virus sounds like it's aimed more at corporate computer users. At home emails from strange addresses should set off your internal alarm if you're not an idiot. At work real email from strange addresses wouldn't be as uncommon and wouldn't automatically set off your alarm. Share this post Link to post Share on other sites