-
January 27th, 2004, 04:28 AM
#11
Anyone using a Mac, I suggest that you run your update software now!!!!!!!
I just did and it was considered an emergency update.
Thanks for the heads up, everyone.
-
January 27th, 2004, 04:49 AM
#12
Member
Hey Thanks for The Heads Up
Cheers
The Only Way to be Safe is To Never Be Secure.
Benjamin Franklin
-
January 27th, 2004, 05:38 AM
#13
This little baby opens a port on 3127. I guess to use the victim as a zombie. Just scanned my subnet and found an instance of it. That to me means it's spreading really fast when it's that close to home.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
January 27th, 2004, 06:19 AM
#14
Spotted these lines in the Symantec Writeup on the worm
Sends to email addresses found in a specified set of files. It ignores email addresses that end in .edu.
What's up with that? Maybe some college kids wrote this puppy and were worried about it slamming back?
Must be pretty pissed off about the whole SCO/Caldera vs Linux thing too. What gets me is that it seems to be a pretty specific Win32 bug, as far as the payload goes, so if you're pissed off at a UNIX vendor, why not write the bug to work on UNIX too?
Guess that helps support the kid theory.
Just my two cents
-
January 27th, 2004, 06:41 AM
#15
It's front page in Sweden's #1 newspaper, they are predicting this to totally explode at 7:00 am to 9:00 am... (people getting to work...) I'm staying up... this could get interesting...
.sig - There never was a .sig?
I own a Schneider EuroPC with MS-Dos 3.3 and it works.
-
January 27th, 2004, 12:56 PM
#16
Originally posted here by 576869746568617
Must be pretty pissed off about the whole SCO/Caldera vs Linux thing too. What gets me is that it seems to be a pretty specific Win32 bug, as far as the payload goes, so if you're pissed off at a UNIX vendor, why not write the bug to work on UNIX too?
It would be a waste of time; the heterogeneity of the *nix world and the sophistication of the users pretty much makes it a waste of time and almost impossible. Windows gets all the cool viral malware, all *nix gets is "eat your ramen noodles" and such silliness.
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
-
January 27th, 2004, 02:26 PM
#17
Very true...I was just thinking, If I were pissed off at a vendor and I were to write a virus to DoS the vendor's website, I would publish a virus specific to that vendor's OS (not that I would ever do such a thing).
I do, however, see why Windows is the platform of choice among virus publishers... because it has the highest install base among desktop OSes, which makes the probability of a higher infect rate much greater, thereby increasing the DoS's likelihood of success.
I just think it would have been icing on the cake to have it affect OpenServer, UnixWare and possibly OpenLinux. Of course, I use OpenServer, so I guess it's a good thing that it doesn't.
At any rate, viruses are instruments of pure evil that have absolutely no useful purpose. (unless someone decides to write one that installs the latest IIS patch and updates your AV)
And no, Windows Update is not a virus for all the wise guys out there (I see that one coming!)
-
January 27th, 2004, 03:48 PM
#18
Junior Member
Although Symantec states that the virus skips .edu addresses, we've received several copies within the last hour in our office alone (financial aid office/community college), and our accounts are all definitely .edu. What's the deal?
-
January 27th, 2004, 04:40 PM
#19
Originally posted here by Finaid001
Although Symantec states that the virus skips .edu addresses, we've received several copies within the last hour in our office alone (financial aid office/community college), and our accounts are all definitely .edu. What's the deal?
Symantec does mention that it will bypass .edu accounts, but the McAfee writeup does not say anything about it. I don't think everybody has all the info. on this puppy yet, hell I don't even think it's 24 hours old yet.
McAfee writeup
Cheers:
-
January 27th, 2004, 04:53 PM
#20
Not quite, DjM. See my post above. The Symantec writeup does indeed say that the virus ignores .edu addresses. Here's the link to the writeup:
http://www.sarc.com/avcenter/venc/da...varg.a@mm.html
Here's a complete list of domains that the writeup claims the virus excludes:
When W32.Novarg.A@mm is sending email, it will avoid distributing to domains which contain any of the following strings:
avp
syma
icrosof
msn.
hotmail
panda
sopho
borlan
inpris
example
mydomai
nodomai
ruslis
.gov
gov.
.mil
foo.
berkeley
unix
math
bsd
mit.e
gnu
fsf.
ibm.com
google
kernel
linux
fido
usenet
iana
ietf
rfc-ed
sendmail
arin.
ripe.
isi.e
isc.o
secur
acketst
pgp
tanford.e
utgers.ed
mozilla
FinAid001, is it possible that someone on the network is using a mail client to retrieve mail from a non .edu account? That would explain any infections on your network.
I would definitely suggest that anyone who gets this virus from one of these so called "excluded" domains contact SARC to have them correct their info.
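Added example (not part of any post in this thread, and not Symantec's code): a mail administrator's check of which addresses the quoted substring list would cause the worm to skip. It models only the list quoted above, not the separate ".edu" statement quoted earlier in the thread; case-insensitive matching on the part after "@" is an assumption, and the sample addresses are constructed.

```python
# Added example, not code from the thread or from the Symantec writeup.
# Strings copied from the exclusion list quoted in the post above.
EXCLUDED_SUBSTRINGS = (
    "avp syma icrosof msn. hotmail panda sopho borlan inpris example "
    "mydomai nodomai ruslis .gov gov. .mil foo. berkeley unix math bsd "
    "mit.e gnu fsf. ibm.com google kernel linux fido usenet iana ietf "
    "rfc-ed sendmail arin. ripe. isi.e isc.o secur acketst pgp "
    "tanford.e utgers.ed mozilla"
).split()


def matched_exclusions(address):
    """Return the listed strings found in the address's domain part.

    An empty list means the quoted list alone would not make the worm
    skip this address. Lower-casing the domain is an assumption.
    """
    if "@" not in address:
        raise ValueError("not an e-mail address: %r" % address)
    domain = address.rsplit("@", 1)[1].lower()
    return [s for s in EXCLUDED_SUBSTRINGS if s in domain]


def audit(addresses):
    """Split addresses into those the list covers and those it does not."""
    covered, exposed = {}, []
    for addr in addresses:
        hits = matched_exclusions(addr)
        if hits:
            covered[addr] = hits
        else:
            exposed.append(addr)
    return covered, exposed


# Constructed sample addresses, for illustration only.
SAMPLE = [
    "finaid@cc-college.edu",   # generic .edu: no listed string matches
    "staff@cs.stanford.edu",   # matches "tanford.e"
    "clerk@aftermath.net",     # unrelated domain caught by "math"
    "User@MSN.com",            # matches "msn." after lower-casing
]

if __name__ == "__main__":
    covered, exposed = audit(SAMPLE)
    for addr, hits in covered.items():
        print("skipped by list:", addr, hits)
    for addr in exposed:
        print("not covered by list:", addr)
```

The list names a handful of specific schools but contains no blanket ".edu" entry, so a generic college address is not covered by the list itself, while an unrelated domain that happens to contain a listed string is.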