-
January 27th, 2004, 11:18 PM
#41
Originally posted here by thadbme
How much traffic is everyone seeing from this thing?
Since midnight last night to right now, I have quarantined or block just under 2000 copies, not all that many when I compare it to Klez when it first started.
Cheers:
-
January 27th, 2004, 11:20 PM
#42
It's a virus, so it's in all likelyhood extremely buggy. Therefore, I'd say yes to your question.
As for how much traffic, well...I have an OC3 line and out of 44mbps I have around 6mbps available, most of the used bandwidth is VPN and e-commerce traffic (28.7mbps), but the rest is because the mailserver is being hammered. You can draw your own conclusions from that.
-
January 27th, 2004, 11:28 PM
#43
Senior Member
That makes me not feel so bad about my, estimated 50 or so copies of it. Wow, you my friend are getting hammered by this thing
Anyways good info and thanks for the response. When Sobig F came out I received around 3000 hits a day from it, pailing in comparison to this thing, atleast for now, and I'm hoping it will stay that way.
-
January 28th, 2004, 04:26 AM
#44
SCO has now issued a bounty for MyDoom creator. Sounds like a good deal, virus writer goes to jail, some one gets $250K and SCO will be one setup closer to bankruptcy.
Its not software piracy. I’m just making multiple off site backups.
-
January 28th, 2004, 05:11 AM
#45
WAS Sent To me In my Email So thought i would post it:::::
The W32.Novarg.A@mm virus is a mass-mailing worm that is very active on the Internet. While we are currently taking measures to protect our Email users, you can protect yourself by identifying and deleting emails with Novarg characteristics. Please do not report these emails as Spam.
Note: Your computer should not be infected by this virus unless you open a corrupted attachment.
What to look for:
Emails infected with the Novarg virus have, thus far, been approximately 30-35KB in size and have exhibited the following characteristics:
Subject line:
Hello
Hi
Test
Status
From line:
Contains spoofed addresses - which means that the name that appears in the "From" field is probably not the real sender.
Body:
Tends to be unreadable; gibberish. You may also see the following message: "The message contains Unicode characters and has been sent as a binary attachment".
Attachment file extensions:
.zip (most common)
.bat
.cmd
.exe
.pif
.scr
Known attachment file names:
body (.zip, .bat, etc.)
readme
file
message
text
jasrjx
dajtl
document
What you can do:
Delete messages with the above characteristics and be sure to delete them from your Trash Folder. Knowing some of the above characteristics about this virus, you may wish to set up custom filters and route most of these virus emails directly to your Trash or Bulk Folder. This way, you can keep your inbox free of most of these messages. Just be sure to check your Trash or Bulk Folder and empty them on a regular basis in order to free up space in your email account.
-
January 28th, 2004, 01:28 PM
#46
Senior Member
I got one I got one I got one
Unfortunately my NAV deleted the attachment before I could run it... damn one more infection that I didn't catch
now for serious, my company got e-mail stating that one infected e-mail was sent from us (it is a small company so we use just one e-mail). I am scaning all computers in our LAN but there is no any trace of virus. Does anyone know if this virus is spoofing From: field in e-mail header? I have doublecheck it, none of my bosses didn't open our e-mail from home.
Ikalo
------
Make your knowledge your deadliest weapon.
-
January 28th, 2004, 02:05 PM
#47
Yes, it is spoofing the from. A large number of my users have received "your email has been rejected because of the MyDoom.A virus" when I know for a fact that they don't have it.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
January 28th, 2004, 02:34 PM
#48
Not to doubt you, TigerShark, but how do you know for a fact? (runnung linux or something)
Just curious. I knew my users didn't have it, but my mail server....it was ate up!
Guess that's what I get for using a win server for mail......I use UNIX for everything else so I figured I'd use one Windows server, that won't hurt so bad...I can use it for mail. Didn't think about the fact that most viri are for Windows!
-
January 28th, 2004, 03:33 PM
#49
-
January 28th, 2004, 03:48 PM
#50
Originally posted here by 576869746568617
Not to doubt you, TigerShark, but how do you know for a fact?
Just to add to what Tiger said, this quote is from the Symantec site.
The email will have the following characteristics:
From: May be a spoofed from address
Now while it does say "may be spoofed", history teaches us that the new crop of viruses making the rounds use this technique. As well, the messages I am seeing also lead me to the same conclusion, specifically, e-mails coming from accounts I know have been deleted for more than a year.
Cheers:
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|