Virus Alert: Novarg / MiMail / MyDoom - Page 2
Page 2 of 9 FirstFirst 1234 ... LastLast
Results 11 to 20 of 83

Thread: Virus Alert: Novarg / MiMail / MyDoom

  1. #11
    Any one using a Mac I sugest that you run your update software now!!!!!!!
    I just did and it was considdered an eemergency update.


    thanks for the heads up every one

  2. #12
    Member
    Join Date
    Nov 2003
    Posts
    67
    Hey Thanks for The Heads Up

    Cheers
    [gloworange]The Only Way to be Safe is To Never Be Secure. [/gloworange]
    Benjamin Franklin

  3. #13
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    This little baby open a port on 3127. I guess to use the victim as a zombie. Just scanned my subnet and found an instance of it. That to me means it spreading really fast when its that close to home.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #14
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Spotted these lines in the Symantec Writeup on the worm

    Sends to email addresses found in a specified set of files. It ignores email addresses that end in .edu.
    What's up with that? Maybe some college kids wrote this puppy and were worried about it slamming back?

    Performs DoS against www.sco.com
    Must be pretty pissed off about the whole SCO/Caldera vs Linux thing too. What gets me is that it seems to be a pretty specific Win32 bug, as far as the payload goes, so if you're pissed off at a UNIX vendor, why not write the bug to work on UNIX too?

    Guess that helps support the kid theory.

    Just my two cents

  5. #15
    Senior Member
    Join Date
    Mar 2003
    Posts
    117
    It's frontpage in Swedens #1 News Paper, they are predicting this to totally explode at 7:00 am to 9:00 am...(people getting to work..) Im staying up... this could get interesting...
    .sig - There never was a .sig?
    I own a Schneider EuroPC with MS-Dos 3.3 and it works.

  6. #16
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    Originally posted here by 576869746568617
    Must be pretty pissed off about the whole SCO/Caldera vs Linux thing too. What gets me is that it seems to be a pretty specific Win32 bug, as far as the payload goes, so if you're pissed off at a UNIX vendor, why not write the bug to work on UNIX too?
    It would be a waste of time the hetrogenity of the *nix world and the sophistication of the users pretty much makes it a waste of time and almost impossible. Windows gets all the cool viral malware , all *nix gets is "eat your ramen noodles" and such sillyness.
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  7. #17
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Very true...I was just thinking, If I were pissed off at a vendor and I were to write a virus to DoS the vendor's website, I would publish a virus specific to that vendor's OS (not that I would ever do such a thing).

    I do, however see why Windows is the platform of choice among virus publishers....because it has the highest install base among desktop OSes, whisc makes the probability of a higher infect rate much greater, thereby increasing the DoS's likeleyhood of success.

    I just think it would have been icing on the cake to have it affect OpenServer, UnixWare and possible OpenLinux. Of course, I use OpenServer, so I guess it's a good thing that it doesn't

    At any rate, Viruses are instruments of pure evil that have absolutely no useful purpose. (unless someone decides to write one that installs the latest IIS patch and updates your AV)

    And no, Windows Update is not a virus for all the wise guys out there (I see that one comming!)

  8. #18
    Junior Member
    Join Date
    Jan 2004
    Posts
    2
    Although Symantec states that the virus skips .edu addresses, we've received several copies within the last hour in our office alone (financial aid office/community college), and our accounts are all definitely .edu. What's the deal?

  9. #19
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Finaid001
    Although Symantec states that the virus skips .edu addresses, we've received several copies within the last hour in our office alone (financial aid office/community college), and our accounts are all definitely .edu. What's the deal?
    Symantec does mention that it will bypass .edu accounts, but the McAfee writeup does not say anything about it. I don't think everybody has all the info. on this puppy yet, hell I don't even think it's 24 hours old yet.

    McAfee writeup

    Cheers:
    DjM

  10. #20
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Not quite, DjM. See my post above. The symantec writeup does indeed say that the virus ignores .edu addresses. Here's the link to the writeup:

    http://www.sarc.com/avcenter/venc/da...varg.a@mm.html

    Here's a complete list of domains that the writeup claims the virus excludes:

    When W32.Novarg.A@mm is sending email, it will avoid distributing to domains which contain any of the following strings:


    avp
    syma
    icrosof
    msn.
    hotmail
    panda
    sopho
    borlan
    inpris
    example
    mydomai
    nodomai
    ruslis
    .gov
    gov.
    .mil
    foo.
    berkeley
    unix
    math
    bsd
    mit.e
    gnu
    fsf.
    ibm.com
    google
    kernel
    linux
    fido
    usenet
    iana
    ietf
    rfc-ed
    sendmail
    arin.
    ripe.
    isi.e
    isc.o
    secur
    acketst
    pgp
    tanford.e
    utgers.ed
    mozilla

    FinAid001, is it possible that someone on the network is using a mail client to retrieve mail from a non .edu account. That would explain any infections on your network.

    I would definately suggest that anyone who gets this virus from one of these so called "excluded" domains contact SARC to have them correct their info.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides