PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Neuer Virus im Umlauf



Snieff
27.01.2004, 09:45
Nur, falls das einige noch nicht mitbekomme haben, hier eine kleine Mail bzgl. eines neuen Mail-Wurms:
---- snip ----
SWI Readers,

There is a widespread outbreak of the WORM_MIMAIL.R email worm.

This worm is spoofing the sender's email address. If you receive one of these
emails, the person in the FROM: address is NOT the person who sent it to you.

If you are running an email server with antivirus software that bounces virus
infected emails, FOR GOD'S SAKE STOP BOUNCING THEM! You are participating in a
denial of service attack by bouncing viruses at people who are not infected. You
could even infect them yourself! STOP BOUNCING THEM!

If you receive an email like the one described below, DON'T OPEN IT! Delete it
immediately, update your antivirus program and scan. If you don't have an antivirus,
get one.
http://www.nod32.com/ Nod32 $39.00 (The best AV available)
http://www.grisoft.com/ AVG Free (Good enough for the price)

Description From Trendmicro:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004
1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the
spread of WORM_MIMAIL.R.

Also known as W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm

This mass-mailing worm selects from a list of email subjects, message bodies, and
attachment file names. It can also propagate using the Kazaa peer-to-peer file
sharing network.

It performs a denial of service (DoS) attack against the software business site
www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It
ceases attacking the site and running most of its routines on February 12, 2004.

It runs on Windows 98, ME, NT, 2000 and XP.

It sends email with the following details:

Subject: (any of the following)
? Error
? Status
? Server Report
? Mail Transaction Failed
? Mail Delivery System
? hello
? hi

Message Body: (any of the following)
? The message contains Unicode characters and has been sent as a binary attachment.
? The message cannot be represented in 7-bit ASCII encoding and has been sent as a
binary attachment.
? Mail transaction failed. Partial message is available.
? test

Attachment: &ltRandom name>.zip

Post this on every message board you can find. Get the word out. If you have a
friend or family member who does not understand how to operate an antivirus, please
check that they are updated and protected. If you know someone running antivirus on
an email server, please tell them to turn off the bounce feature.

The normal SWI newsletter is going to be a day or two late. I am having bad weather
here and it's interrupting my internet connection.


Regards,

Mike Healan
Editor
www.spywareinfo.com

--- snip ---

Regards,

Snieff

damager
27.01.2004, 09:50
oder siehe auch:
http://www.unixboard.de/comments.php?catid=17&id=282