[Capt'n Mike]

Watch out for the new virus that's been spreading. I've already received several infected messages.

[email protected] is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files.

The worm will perform a DoS starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

This virus is spread via email, and the messages may have the following characteristics;

From: may be a spoofed from address

Subject:
(one of the following)
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error

Message:
(one of the following)
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Attachment:
(one of the following)
document
readme
doc
text
file
data
test
message
body

--------------------------------------------------------------------------------
Notes:
The attachment may have two suffixes. If so, the first suffix will be one of the following:
.htm
.txt
.doc

The worm will always end with one of the following suffixes:
.pif
.scr
.exe
.cmd
.bat
.zip

Be extra careful opening messages from people you don't know, or messages that contain any of the subjects listed above, even if it's from people you do know!

Finally, make sure that your anti-virus signatures are up to date!

 

[pauligan]

I've received several at work already today...

Attachment was quarantined but I opened it anyhow...

oopss hope I didn't unleash anything...

 

[Focker]

Thanks Mike!!! The last thing I need is to catch a virus... just got over that [email protected] cold not too long ago.

 

[btenn]

I`ve recived at least 20 such emails in the last 24 hours

is this someone I know sending them to me or just getting sent a random??

 

[WETBAR]

Thank's for the virus warning Mike!!! A virus attached itself to all my files a few years ago and doubled every file on my computer overloading it. I had to clear my hardrive. That Sucked!!!
Viruses Can Be Vedy Vedy Sneaky!!!

 

[surfergirlck]

i just updated all my virus definations. so far, so good... but those vedy vedy sneaky virus suck! lol!

thanks for the 411, capt mike!

 

[Capt'n Mike]

QUOTE(btenn @ Jan 27 2004, 09:45 AM)I`ve recived at least 20 such emails in the last 24 hours

is this someone I know sending them to me or just getting sent a random??
In your case... it might be somebody you know...

No.. it's completely random. When infected, the PC turns around and sends out like 100 messages in 30 seconds. It searches your computer for email addresses in files with the following extensions.

.htm
.sht
.php
.asp
.dbx
.tbb
.adb
.pl
.wab
.txt

 

[ThreeCrabs]

I read about that last night on Drudge....They should put these guys in prison if they catch up with them.....it's just soooo wrong to do this to people. Think about all the info you keep on your systems.

BButt, can you block the sender? It's probably someone you, but they don't know their system is doing it.

Here are some links:
TrendMicro

Panda

AVG antivirus

Norton's update This will update your anti-virus definitions more than using the update button on the software.

 

[WETBAR]

ttt

 

[surfergirlck]

just got hit with my first two!

TTT!

 

[Shandog]

I just got a weird email from lord knows who and it says I sent something to someone (which I have no idear who the listed email address is) But it said this: (AND IT CAME WITH NO ATTACHMENT)

"A virus was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching its destination."

"The virus was reported to be:

virus WORM_MIMAIL.R"

'sup with that????

 

[Capt'n Mike]

I don't think that is anything to worry about, Shan.
In some cases, the viruses will use the email address of the person who opened the infected message, but often it will spoof the "from address" from people's inbox, sent folders, or even html cache.

 

[Shandog]

K! I didn't think so either since I didn"t open any suspicious attachments but ya never know

 

[PyrateJim]

Between regular email and business email accounts, I am averaging about 3 emails per hour for hte last 24 - 36 hours with this worm. Luckily, I ahve Symmantic through Earthlink running and it has caught them all. Also getting the "return to sender" email with it in it. A simply delete key has fixed those.

To think what could happen if the person(s) who write such programs were to turn their talents to the side of the force and do something good with their skills.

 

[Focker]

I just received an email stating that the file attachment data.scr was removed.

 

[mongo]

I'm sure I'm not the first person to assume this, but in my opinion the folks who develop and deploy these insidious computer viruses are independent contractors working for the virus protection software companies. These companies rely on damaging viruses to stay in business, so they manufacture their own need for existence...

Makes perfect sense to me

 

[Madmax]

To late . I got one , my Internet Explorer is gone
Any advise what to do now ?????