Anyone using a Mac, I suggest that you run your update software now!!!!!!!
I just did and it was considered an emergency update.
Thanks for the heads up, everyone.
Hey Thanks for The Heads Up
Cheers
This little baby opens a port on 3127. I guess to use the victim as a zombie. Just scanned my subnet and found an instance of it. That to me means it's spreading really fast when it's that close to home.
Spotted these lines in the Symantec Writeup on the worm
What's up with that? Maybe some college kids wrote this puppy and were worried about it slamming back?
Quote:
Sends to email addresses found in a specified set of files. It ignores email addresses that end in .edu.
Must be pretty pissed off about the whole SCO/Caldera vs Linux thing too. What gets me is that it seems to be a pretty specific Win32 bug, as far as the payload goes, so if you're pissed off at a UNIX vendor, why not write the bug to work on UNIX too?
Guess that helps support the kid theory.
Just my two cents
It's front page in Sweden's #1 newspaper; they are predicting this to totally explode at 7:00 am to 9:00 am... (people getting to work...) I'm staying up... this could get interesting...
It would be a waste of time; the heterogeneity of the *nix world and the sophistication of the users pretty much make it a waste of time and almost impossible. Windows gets all the cool viral malware; all *nix gets is "eat your ramen noodles" and such silliness.
Quote:
Originally posted here by 576869746568617
Must be pretty pissed off about the whole SCO/Caldera vs Linux thing too. What gets me is that it seems to be a pretty specific Win32 bug, as far as the payload goes, so if you're pissed off at a UNIX vendor, why not write the bug to work on UNIX too?
Very true... I was just thinking, if I were pissed off at a vendor and I were to write a virus to DoS the vendor's website, I would publish a virus specific to that vendor's OS (not that I would ever do such a thing).
I do, however, see why Windows is the platform of choice among virus publishers... because it has the highest install base among desktop OSes, which makes the probability of a higher infection rate much greater, thereby increasing the DoS's likelihood of success.
I just think it would have been icing on the cake to have it affect OpenServer, UnixWare and possibly OpenLinux. Of course, I use OpenServer, so I guess it's a good thing that it doesn't.
At any rate, Viruses are instruments of pure evil that have absolutely no useful purpose. (unless someone decides to write one that installs the latest IIS patch and updates your AV)
And no, Windows Update is not a virus, for all the wise guys out there (I see that one coming!)
Although Symantec states that the virus skips .edu addresses, we've received several copies within the last hour in our office alone (financial aid office/community college), and our accounts are all definitely .edu. What's the deal?
Symantec does mention that it will bypass .edu accounts, but the McAfee writeup does not say anything about it. I don't think everybody has all the info on this puppy yet, hell I don't even think it's 24 hours old yet.
Quote:
Originally posted here by Finaid001
Although Symantec states that the virus skips .edu addresses, we've received several copies within the last hour in our office alone (financial aid office/community college), and our accounts are all definitely .edu. What's the deal?
McAfee writeup
Cheers:
Not quite, DjM. See my post above. The Symantec writeup does indeed say that the virus ignores .edu addresses. Here's the link to the writeup:
http://www.sarc.com/avcenter/venc/da...varg.a@mm.html
Here's a complete list of domains that the writeup claims the virus excludes:
When W32.Novarg.A@mm is sending email, it will avoid distributing to domains which contain any of the following strings:
avp
syma
icrosof
msn.
hotmail
panda
sopho
borlan
inpris
example
mydomai
nodomai
ruslis
.gov
gov.
.mil
foo.
berkeley
unix
math
bsd
mit.e
gnu
fsf.
ibm.com
kernel
linux
fido
usenet
iana
ietf
rfc-ed
sendmail
arin.
ripe.
isi.e
isc.o
secur
acketst
pgp
tanford.e
utgers.ed
mozilla
FinAid001, is it possible that someone on the network is using a mail client to retrieve mail from a non-.edu account? That would explain any infections on your network.
I would definitely suggest that anyone who gets this virus from one of these so-called "excluded" domains contact SARC to have them correct their info.
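An added example, not part of any post in this thread and not code from Symantec or the worm: a small check a mail admin could run to see which of the strings quoted above, if any, appear in the domain of an address that received a copy. Case-insensitive matching against the domain part only is an assumption, and the sample addresses are constructed.

```python
# Strings copied from the Symantec writeup list quoted in the post above.
WRITEUP_STRINGS = """avp syma icrosof msn. hotmail panda sopho borlan inpris
example mydomai nodomai ruslis .gov gov. .mil foo. berkeley unix math bsd
mit.e gnu fsf. ibm.com kernel linux fido usenet iana ietf rfc-ed sendmail
arin. ripe. isi.e isc.o secur acketst pgp tanford.e utgers.ed mozilla""".split()


def domain_of(address):
    """Return the lower-cased domain part, or None if the address is malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()  # assumption: matching is case-insensitive


def matching_strings(address, strings=WRITEUP_STRINGS):
    """List every writeup string contained in the address's domain."""
    domain = domain_of(address)
    if domain is None:
        return []
    return [s for s in strings if s in domain]


def triage(addresses):
    """Split recipient addresses by whether the quoted list covers their domain."""
    report = {"listed": {}, "not_listed": [], "malformed": []}
    for addr in addresses:
        if domain_of(addr) is None:
            report["malformed"].append(addr)
            continue
        hits = matching_strings(addr)
        if hits:
            report["listed"][addr] = hits
        else:
            report["not_listed"].append(addr)
    return report


if __name__ == "__main__":
    # Constructed sample recipients, e.g. pulled from a mail gateway log.
    sample = ["staff@finaid.northcc.edu", "someone@cs.stanford.edu",
              "admin@rutgers.edu", "clerk@agency.gov", "not-an-address"]
    result = triage(sample)
    for addr, hits in result["listed"].items():
        print(f"{addr}: domain contains {hits}")
    print("no listed string in domain:", result["not_listed"])
    print("malformed:", result["malformed"])
```

Addresses reported under `not_listed` are the ones whose infections would not contradict the list as quoted.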