PDA

View Full Version : The MyDoom Worm


perthskies
January 31st, 2004, 01:27 AM
Has any of you been struck by this worm in your e-mail inbox? I have, but my Anti-virus nullified the effect. Many of my friends seemed to have been struck by it too. I would strongly suggest you keep your Anti-Virus definitions updated if you don't already.

See the Symantec Response for more details of MyDoom: http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Yamichu
January 31st, 2004, 01:44 AM
Interesting...I don't think I've got it but then again I havn't cheked my E-mail.

Hey, do you know if a bug can more likely spread through a whole country than go to the countries on the other side of the world?
I know I know nothing about computars.

~HORN!

Frostweaver
January 31st, 2004, 02:11 AM
...

*thought that MyDoom was launched by hackers/whoever as a challenge for all Personal Computers across the world worldwide? So it certainly spreads, acorss the world too*

*(Don't know how for details... will leave Kairi to explain that part) If you do come in contact with it, it will extract itself and repulicate, sending a duplicate email to everyone on your contact list so they'll get infected too*

*This "challenge" is suppose to last for 2 weeks of time (or something close to that), starting from 2~3 days ago actually...*

*should really update antivirus protection as all the antivirus programs are all targetting at that at the moment... also to be on the safe side, just don't open emails from people you don't know. Look at the email sizes and attachment type too*

perthskies
January 31st, 2004, 02:33 AM
Frosty, do you always have to post in third person? =P Especially with the three dots at the start of your post? ^_^

Frostweaver
January 31st, 2004, 02:36 AM
<= he is just trying to post without talking... that's all... and all these sentences led off by arrows means "a sign with information for the person to the left reads the following:"

*thinks Optic should knwo that things within *s means action or thought...*

*certainly someone knows even better just why he has to act like this... COUGH COUGH*

Yamichu
January 31st, 2004, 03:48 AM
I hate hackers! They is evil!
On Australia Day (26th Jan public holiday) Optus (my net provider) had to shut down peoples internet or whatever for the day because of hackers. *hopes MyDoom worm will not infect her E-Mail even though she has Norton Anti-Virus*


~HORN!

prolific_rhapsody
January 31st, 2004, 07:34 AM
I'm on MSN Hotmail, and since I started I haven't gotten 1 junk e-mail, I think it's because my address is kind of strange.

bna_li
January 31st, 2004, 07:48 AM
It is incredibally strange.. I get like 7-8 junk mail per day.

100marios
January 31st, 2004, 08:32 AM
Actually, I was afraid I got it the other day when PC was really slow to load up..............actually, I didn't know about the virus, it was my dad who was worried, he recently wiped out this computer from another virus and didn't want to have to do it again.

Kairi
January 31st, 2004, 09:27 AM
Hackers are not evil, they dont do anything wrong. Crackers are the people who do malicious things with their abilities. Personally, my ISP is really good at filtering this and I havent gotten one. Plus I run a good, up-to-date antivirus, and a firewall. Plus Im going through a router, so another firewall. I dont keep a contact list just in case something like this would slip by me. The more annoying thing about this virus is some peoples antivirus. The virus can spoof coming from you, and their antivirus sends you emails saying you sent them a virus, when you might not even have it. =\ I worry about frosty, who probably doesn't stay updated. ._.;

Arwen
January 31st, 2004, 09:30 AM
Nah... i'm protected because I have current DAT files for Norton Virus Scan (2004 Professional with DAT Updated 1/29/03) and a Firewall up... (although I use Dialup connection).

anyway, I got this message which is oddly strange on AOL:

Email:[email protected] ([email protected])
Subject:Virus Alert
Message:The mail message (file: data.zip) you sent to [email protected] contains a virus. (on the network)

Yamichu
January 31st, 2004, 12:50 PM
Hackers are not evil, they dont do anything wrong. Crackers are the people who do malicious things with their abilities. Personally, my ISP is really good at filtering this and I havent gotten one. Plus I run a good, up-to-date antivirus, and a firewall. Plus Im going through a router, so another firewall. I dont keep a contact list just in case something like this would slip by me. The more annoying thing about this virus is some peoples antivirus. The virus can spoof coming from you, and their antivirus sends you emails saying you sent them a virus, when you might not even have it. =\ I worry about frosty, who probably doesn't stay updated. ._.;

Ok then...
...
...
...
CRACKERS ARE EVIL!!!!!!!!!
And Arwen that is just wiered...why would there had been a virus in the E-mail you sent?...0.o


~HORN!

Arwen
January 31st, 2004, 02:09 PM
I didn't send it. Someone tried to send a virus, but it was blocked by AOL.

Frostweaver
January 31st, 2004, 02:21 PM
I worry about frosty, who probably doesn't stay updated. ._.;
*and for once he has disappointed Kairi in a good way ^_^; *

*still haven't gotton anyway yet... maybe being exclusive in terms of email filter help a bit...*

Haruka
January 31st, 2004, 10:48 PM
i'm updated constantly... thanks to Norton's Automatic Liveupdate.

Kairi
February 1st, 2004, 09:04 AM
i'm updated constantly... thanks to Norton's Automatic Liveupdate.Im actually such a memory freak I leave auto-update off, and check twice a day or so for updates. Because, when idle, auto-update uses RAM doing nothing. 95% of the time, its best to leave it on however, just in case you forget.

Haruka
February 1st, 2004, 09:11 AM
I always forget to update them if I turn it off... >_<

Then my computer is venerable. :(

Haruka
February 1st, 2004, 12:16 PM
UH OH!!

I recived this message about the virus again... I think I should start a full system scan now.

Subject: VIRUS ALERT! Virus found in message sent by you!
Date: 2/1/2004 2:07:55 PM Eastern Standard Time
From: [email protected]
Reply To:
To: [email protected]

This is an automated message from Pathway Communications' E-mail Virus
Scanning Service which scans all inbound e-mail addressed to Pathway clients
for viruses.

Our virus scanning system has detected that you may have sent to Pathway
client: [email protected] a message infected with the following
VIRUS(es):

======================================
ALERT - VIRUSES DETECTED:
======================================
text.scr infected: I-Worm.Mydoom.a
text.scr disinfection failed: I-Worm.Mydoom.a
======================================

Please note that the e-mail address you see above may have been translated
for delivery from the original virtual e-mail address used by you and your
message may have been disinfected for delivery by our Virus Scanning
Service. You may wish to take the necessary steps to scan and disinfect
your own computer system.

======================================
This message is being sent to you as a matter of record. Pathway
Communications does not assume any liability or obligation whatsoever,
either directly or indirectly, in respect of identifying, disinfecting or
delivering any e-mail messages received and makes no warranties of any kind,
whether expressed or implied, in relation to the accessibility, accuracy,
reliability, safety or quality of the files or E-mail and exercises no
control and has no responsibility whatsoever over the information passing
through its system.
======================================

Shining Arcanine
February 1st, 2004, 12:18 PM
Hackers are not evil, they dont do anything wrong. Crackers are the people who do malicious things with their abilities. Personally, my ISP is really good at filtering this and I havent gotten one. Plus I run a good, up-to-date antivirus, and a firewall. Plus Im going through a router, so another firewall. I dont keep a contact list just in case something like this would slip by me. The more annoying thing about this virus is some peoples antivirus. The virus can spoof coming from you, and their antivirus sends you emails saying you sent them a virus, when you might not even have it. =\ I worry about frosty, who probably doesn't stay updated. ._.;

Hackers hack things. Crackers crack passwords. They are both evil...

By the way, my computer has been immune to the MyDoom virus for several months. :D

Haruka
February 1st, 2004, 12:27 PM
SA, is it just don't read suspicious email plan?

I am still woundering why I keep getting messages about MyDoom Virus. :-/

Shining Arcanine
February 1st, 2004, 01:58 PM
That is why it isn't getting on my computer. Anyway, it is 3 things:

1. My firewall quarentines attachments so it won't be able to execute.

2. Even if it executes, it won't be able to send out anything as my Firewall asks me before allowing a program to access the internet and if it is a program that I never installed or didn't execute, I investigate.

3. My hosts file is locked so it can't redirect security sites to localhost by editing it as when a file is locked, it is read only.

John Denver
February 2nd, 2004, 06:41 AM
I'm pretty sure that I had that before my computer was defragged...

man, I had about, 10 virii on my comp, 2 TROJAN HORSES!!!

*makes me kinda proud*

BOO ya!

Haruka
February 2nd, 2004, 03:01 PM
MyDoom attacks again :-/...

MyDoom worm spreads as attack countdown begins

Variant emerges, targets Microsoft



LONDON, England (Reuters) --Security experts warned on Thursday the fast-spreading MyDoom virus would plague e-mail users for some time as it counts down to a mammoth digital attack next week on Microsoft and software firm SCO Group Inc.

For a fourth consecutive day, Internet service providers and corporations were bogged down by a crush of infected e-mails.

Security experts said as many as one in three e-mails in circulation was triggered by MyDoom.A, making it the fastest spreading Internet contagion ever.

"We are seeing companies struggling with this as they cannot clear the viruses quickly enough," said Graham Cluley, technology consultant for anti-virus and anti-spam firm Sophos Plc. "This one will be with us for a while."

Meanwhile, sleep-deprived security experts said they were largely powerless to stop the virus's coordinated digital attacks, timed to hit Web sites for SCO on Sunday and Microsoft on Tuesday, security officials said.

"It's very difficult for anti-virus firms to react in these scenarios. We're always going to be on the back foot," said Paul Wood, chief information analyst for British-based e-mail security firm MessageLabs.

Machines turned into zombies

Since appearing this week, the MyDoom.A worm, also dubbed Novarg or Shimgapi, has infected computers across the globe by enticing users to open a file attachment that releases a program capable of taking over a victim's computer.

Once hit, the program scours the Web for more computers to infect. MyDoom.A is programmed to send spam e-mails to spread the infection further and marshal an army of infected machines to knock SCO's Web site offline on Sunday.

On Wednesday, a second variant dubbed MyDoom.B, appeared. It spread less quickly, but carried a program timed to unleash attacks on SCO and Microsoft. Also, it prevented access to anti-virus sites where patches for the bug are available.

Computer security companies continued to warn people not to open any suspicious attachments in e-mail messages.

Since the worms often appear as error messages from "Mail Administrators" and other official-looking addresses, many people inevitably open the attachment after finding minimal information in the message.

Computers running any of the latest versions of Microsoft's Windows operating system are at risk of being infected, although the worm doesn't exploit any flaws in Windows or software.

Instead, MyDoom is designed to entice the recipient of an e-mail to open an attachment with an .exe, .scr, .zip or .pif extension.

In the firing line

The financial damage from the outbreak -- from network slowdown to lost productivity -- is difficult to measure, but is assumed to be billions of dollars, according to experts.

For the ordinary computer user, MyDoom's toll will be measured in bounced e-mails and an inability at times to enter your inbox as ISPs seek to filter out bogus traffic.

For Microsoft and SCO, their Web sites are once again in the firing line.

SCO, a small Utah-based software maker suing International Business Machines Corp. over the use of code for the Linux operating system, has been the target of denial-of-service attacks in the past by apparent pro-Linux protesters.

Last year, Microsoft's site for software upgrades was permanently moved to a new Web address to avert a similar onslaught triggered by the Blaster worm.

SCO this week issued a $250,000 bounty for information leading to the arrests of the authors of MyDoom. In November, Microsoft offered two $250,000 rewards for tips leading to the arrest of the Blaster and SoBig virus writers.

Some security experts theorized that the MyDoom variants were written by the same individual or group, but had no solid clues on their whereabouts.


Copyright 2004 Reuters (http://www.cnn.com/interactive_legal.html#Reuters). All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

DragonTrainer
February 2nd, 2004, 03:13 PM
Well, I never got it, must be dumb luck XD

Haruka
February 2nd, 2004, 03:17 PM
Someone attempt to send it to me but it was blocked. >_<

DragonTrainer
February 2nd, 2004, 03:19 PM
Lol, the people who make these viruses must have lots of free time

Haruka
February 2nd, 2004, 03:25 PM
Yup, and want to damage other people's computers.. >_<

Imakuni?
February 11th, 2004, 04:03 AM
I had 7 trojans 3 worms (mblast32, sobig, welchia, AND f.sobig)