New e-mail virus detected, PCs vulnerable to data theft, says antivirus firm
at 23:26 on January 26, 2004, EST.

VANCOUVER (CP) - A new computer virus spread via e-mail was detected Monday and an expert says it could quickly clog the Internet and open personal computers to data theft.

The virus, dubbed Mydoom, was confirmed around 4 p.m. EST by technicians at Network Associates Inc., which produces and maintains the McAfee antivirus program, Canadian general manager Jack Sebbag said from Montreal. Symantec Corp., which markets the Norton antivirus program, also posted an alert for the new virus, which it called Novarg.

It said Microsoft Windows operating systems except 3.x were vulnerable but the virus does not affect DOS, Linux, Macintosh, OS/2 or Unix-run computers.

"It's a mass-mailer, meaning it will send at random the e-mail and replicate itself to folks on your personal address book," said Sebbag.

The worm-type virus is contained in an innocuous-looking e-mail attachment and degrades performance on the computer.

The icon used by the file tries to make it appear the attachment is a text file, according to Network Associates' notice. It then copies itself to the local system and sends itself to everyone in the user's e-mail address book.

Symantec's posting said the worm also copies itself to the Kazaa music download directory using various file names.

It appeared to first target large companies in the United States - and their large address books - but quickly spread internationally, said David Perry, global director of education at the antivirus software firm Trend Micro.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Instead, one of its messages reads: "The message contains Unicode characters and has been sent as a binary attachment."

"Because that sounds like a technical thing, people may be more apt to think it's legitimate and click on it," said Steve Trilling, Symantec's senior director of research.

As more machines are infected Mydoom could slow down the entire Internet "and that's where the real problem starts to hit," said Sebbag.

He said the virus also appears to have a keystroke-logging capability, "meaning that somebody can actually take over your PC."

"Right now it's not a very big deal but it does have that capability so the worm can actually log into your machine and take it over and steal information."

The worm opens a connection on one of the computer's communications ports, suggesting remote-access capabilities.

"It's a form of spyware," Sebbag said.

Users will know the computer is infected if Notepad is opened and filled with nonsense characters.

Symantec said once found, the worm appears easy to contain and not hard to remove.

Sebbag said the origin of the virus was not known yet but it may have come from North America or Europe.

Network Associates' lab began receiving large samples of the virus from its product users early Monday afternoon.

"That's why we rated the alert status to high," he said, adding it's too early to tell how widespread the virus has become. "It's in the hundreds of thousands at this point."

Sebbag said based on the number of samples his firm has received, Mydoom seems to be spreading as fast or faster than last year's SoBig virus.

Symantec also rated the speed of infection as high.

Last summer, SoBig quickly tied up e-mail systems and slowed down networks but did not damage computers or their data. It followed similar earlier attacks by viruses called LovSan and Blaster.

McAfee software users can find an update to combat the virus at, while Norton users can find help at


  1. I received four copies of the W32.Novarg.A@mm virus/worm and one copy of the W32.Mimail.Q@mm virus/worm in my mail-box today.

    Qui habet aures audiendi audiat
  2. I think they should just bring in a worldwide death penalty for people who write viruses. The bastards *really* piss me off. I'm sick of wasting my time sorting out PCs which are infected with the things. Maybe an instant death penalty would deter them.

    Right-wing? me?...

    Those of you who think you know everything are annoying to those of us who do. ;)
  3. I second that notion...all of it actually.

    Maxtor disgraces the six letters that make Matrox.
  4. Castration and life imprisonment is good enough. And maybe before they go to jail, some plastic surgery so they have "a purty mouth" rofl

    cs game server -
    now featuring (optional) cheating death!
  5. While I agree with you about the people that create these viruses, another problem are the people that allow them to propagate.

    I mean how hard is it to get an anti-virus program??? Even if you don't want to pay for one, there are good, free ones out there ( further, why do these people have to go clicking on every f'ing thing that ends up in their mailbox??? I suppose if a suspicious looking, ticking package showed up on their front step they would just rip it open????

    I received this virus no less than 8 times this morning alone, of course my AV caught it, but it is still a pain in the A$$!

    Sorry, just venting, thanks for listening!!!!
  6. Grisoft (distributor AVG antivirus software) posted some information on the specifics of I-Worm/MyDoom.

    Among other symptoms MyDoom writes itself to files in the KaZaA download directory with the following names.


    Here's the payload.

    On February 1, MyDoom begins DOS attacks against (I'm a little amused about that part of it).

    Is anyone else paranoid (like me)?

    I'm actively running AVG 6, Spyware guard, and Zone Alarm firewall. I regularly run Spybot Search and destroy. Plus, I've completely given up client based email. (I've removed all versions of Outlook from my system, Win98). Web-based email eliminates any possibility of accidentally double-clicking on attachments.

    I wasn't always paranoid but one of those hijack dialers recently showed up on my main system. Fortunately, that system doesn't have a modem in it. Otherwise, I might have had mysterious, expensive phone charges to Amsterdam.

    56K, slow and steady does not win the race on internet!
  7. I love the idea too, except I go a bit further on the death penalty I think we should go back to Horse thief days except that when we catch a hacker and we don't care how old he is we cut his throat after we hang him from a tree or lamppost in town square and we hang a hand written sign in the guys own blood around his neck that says here lies a hacker.

    I can't tell you the satisfaction of having ADMIN control of our game server. After around 7 years on a cable connection and getting pounded so badly by net viruses and hackers that write email bugs and script viruses that slow the internet down the whole nine yards.

    Now I simply do a STATUS in the game console bring the offending game hacker's IP number up and his Steam or WON ID number and ban the little punk ass back to the stone age.

    Hackers that use script files to hack in games are basically harmless but there are the few that do more than bring in their own scripts to enhance their own game play they also show up with key_logger software and back door Trojans and use the server to get into the other gamers' computers and rip the guts (registry) and files out of it simply because they want to be that malicious. So in the end banning a hacker off the server in game is making sure that hacker is also not using the server as a platform to ruin other players' computers.

    Many regular players try to play games off their parents' computers or many of them simply are not equipped or know how to re-install a functional operating system.
    There are times when a hacker might repeatedly attack an individual's computer and it only takes the hacker 5 minutes of scripting to again ruin a fresh install that took the regular computer user more than a few hours to re-install and update. In most cases Dad's or Mom's valuable time.

    The problem really lies with the big 2 Anti_Virus and fire wall companies both Symantec and McAfee are totally out to lunch on protecting a computer online in a game.

    Both will want you to allow the connection to the UDP port the game is on simply in order for you to be able to connect to the server and play. Once you have done that you have ZERO I repeat ZERO protection from software fire walls once connected or in a game.

    Software like zone alarm is one of the best blockers out there but it monitors the system so massively that game performance can be cut by as much as 50% on some slower computers and it makes game play mildly annoying with time outs and Frames Per Second loss or freeze frame graphics none of which have to do with your graphics card but the software fire wall is causing you to drop packets or not reply to the server on DOS pings that keep you validated with the server or host and the host drops you or you get timed out.

    In the last 2 years of using Norton fire wall software behind a 4 port cable router and cable modem the damn thing has not stopped one attack when in game.

    Here is some good news for you gamers out there but this will only work with a fresh install so don't bother doing it if you already have ZONE/Norton/McAfee products already loaded.

    We have our clan players on the server and other players having problems do this...Install PC Cillin and only use PC Cillin 2002 from the motherboard CD that came with your ASUS motherboard or other manufacturers that supply PC Cillin.

    In most cases because it is free and low end most people overlook this wonderful little Anti_Virus + Fire Wall software that comes completely free on the motherboard drivers CD. We have found that it in no way steals system performance from online gaming and it has and continues to protect every gamer's computer that installs it into a fresh format.

    Not a single clan member in our CF | Clan or other online gaming friends computers has been violated since we started using PC Cillin. It never asks for a permission to go into a game server it simply sits in the back ground and blast the F*** out of any hacker trying to gain access through the game server. The software updates off the net perfectly and it integrates with Windows XP home and Pro so seamlessly that you don't even know it is there.

    I have had the PC Cillin software installed now for over 6 weeks and I have not had a single attack make it into my P.C in any shape, form or fashion. The PC Cillin Software 2002 version also has a POP3 email scanner that is brilliant it scans all incoming and outgoing emails flawlessly and no viruses are circumventing it.

    Most hackers and virus writers do not bother with types or kinds of software like PC Cillin they target the larger software from Symantec or McAfee so that their Trojans and Viruses circumvent those kinds of software in order to do their nasty work.

    Programs like HACK TRACER fire wall and PC Cillin 2002 and COMMVIEW scanning software that lets you back track attackers IP numbers and ban them are fantastic.

    For gamers online it is in their very best interest to become educated in protecting their computer systems from online in game threats DO NOT RELY on Norton fire wall to save your bacon when you're in game because the hacker will be in and out and the bells/alarms will never go off Norton Fire wall welcomes all hackers and lets every Vampire in.

    I once had a flag with my player name on it A BIG Canadian flag I could spray paint up on the walls in Day Of Defeat it was red and white and had Nighthawk along the bottom in black I created the flag using a software program called WALLY, that software lets you create and save your drawing into the game folder and it is saved as a PDL or .WAD file that can't be read with normal windows software.

    Ok here is the deal I had 200 bucks worth of Symantec Software installed the whole software bundle complete you can buy from them including all utilities as well as the fire wall.

    It took a hacker on the game server about 5 minutes to use the game server to enter my computer side step any protection Norton was providing. The hacker Stole my .WAD file containing my game flag right out of my game folder off C:\ Drive and 5 minutes later he was running around the game server spraying my game flag logo up all over the walls.

    When he was thefting my own hard work out of my P.C my Symantec products never said a thing... If you want current up to date protection for your P.C that is about the best you are going to get at home install PC Cillin off your motherboard CD. Do yourself a favour because the [-peep-] works and nothing else does to date.

    Another tip of the day is look for attacking IP numbers that have a .edu in the computers address what the .edu signifies is a College Campus server and many online gamers are playing out of Dorm Rooms with a Dorm friend or friends and they are totally protected from back tracing through the Colleges servers. The kinds of in game hacker attacks you will most likely face that are very damaging are from Students in computer sciences courses applying what they learn in class onto the internet.

    This is something that really needs to be addressed because they are 1 not old enough to understand that what they are learning is not for them to use as violation tools to hack the internet and others home or corporate computers. They do not yet have a professional responsibility to a job they might have in the real world and use the Networking courses they are taking for Evil intent.
    If you see any IP addresses in your fire wall software that contains a .edu address ban the entire range of that IP number. If you can find out with a WHOIS IP number search what college the attacks are coming out of and ban the whole damn college campus off from your personal P.C.

  8. >On February 1, MyDoom begins DOS attacks against www.sco.

    Oh really ? Hmmm.. maybe I should just accidentally disable my AV software and firewall for a few days then :))

    >Is anyone else paranoid (like me)?

    Close, but not that paranoid. I run AVG and zonealarm ALWAYS, and Adaware about once a week. Best security measure however, is not use Outlook and not use IE. I use Opera for both, but you could try Mozilla or Firebird instead if you prefer.

    As for those hijack modem dialers.. and similar trash.. it's astonishing those things are *legal* ! These companies are actually making boatloads of money legally ripping off unwary endusers in a way that is *far* worse than a virus writer. IF those people deserve death penalty, then what about those corporations ??

    = The views stated herein are my personal views, and not necessarily the views of my wife. =
  9. I am what you would call a candy a$$ liberal. Two years in jail and a lifetime ban from all electronic media seems like justice to me. Hackers who hit M$ should be given a suspended sentence.
  10. > Hackers who hit M$ should be given a suspended sentence.

    Hacker that hit SCO should be given 4 weeks of forced public duty (like coding some Linux modules) :D

    = The views stated herein are my personal views, and not necessarily the views of my wife. =
  11. I say two years filtering spam by hand.

    56K, slow and steady does not win the race on internet!
  12. Yeah, I will have to give up the crutch, and give up Internet Explorer.

    I've had some trojan horse programs show up on my machine, even with active virus scanning enabled. I think it's some kind of javascript that's getting around the protection but I am not sure.

    I did try Mozilla a couple times but somehow got buggy versions both times, so I gave up. That was quite a while ago so maybe I will try it again.

    I have a friend who refuses to use a firewall or firewall software and also antivirus software. He should be forced to have my dial-up account and leave his broadband to me.

    56K, slow and steady does not win the race on internet!
  13. Something needs to be done! I was *almost* infected. Also, how do they handle internationally based hacking incidents? Do they just hope for the cooperation from the country where the criminal's doing their foul play?

    Qui habet aures audiendi audiat
