*MyDoom virus alert*
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
*MyDoom virus alert*
MyDoom prevention and cure
By Robert Vamosi
(1/26/04)
MyDoom is a mass-mailing worm that masquerades as a test message. MyDoom (w32.mydoom@mm, also known as Novarg, Shimgapi, Shimg, and MiMail.r) takes advantage of the ZIP file format's ability to pass through e-mail filters. It also uses Kazaa to spread. Within the first few hours, MyDoom spread quickly around the world. It affects only Windows users, not those using Macintosh, Linux, or Unix. Much of the worm's code is itself encrypted, and antivirus firms are still studying it. Because MyDoom spreads via e-mail and could severely slow or shut down e-mail servers with excess traffic, this worm rates a 7 on the CNET Virus Meter.
How it works
MyDoom arrives as e-mail with the subject line "Mail Delivery System," "Test," or "Mail Transaction Failed." The body text reads: "The message contains Unicode characters and has been sent as a binary attachment." The attached files are one of the following:
document.zip
document.pif
doc.scr
readme.exe
file.zip
message.zip
oia.zip
text.zip
When the worm is executed, MyDoom adds the following to the Windows/System subdirectory:
shimgapi.exe
taskmon.exe
If you are running the file-sharing program Kazaa, MyDoom will add a file named activation_crack.scr in this location: C:\Program files\Kazaa\My Shared Folder.
The worm appears to install programs on infected computers; however, the programs themselves are encrypted. MyDoom is known to open Windows Notepad and display garbage text; it is also thought to be flooding SCO.com with a denial-of-service attack. In addition, the security company iDefense and McAfee are reporting that MyDoom opens port 3127 to listen for commands from a remote attacker.
Prevention
If you receive MyDoom, do not open the attached file. Delete the e-mail.
Removal
Almost all antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, Computer Associates, F-Secure, McAfee, Norman, Sophos, Symantec, or Trend Micro.
Archived topic from Iceteks, old topic ID:1973, old post ID:16143
Honk if you love Jesus, text if you want to meet Him!
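Added example, not part of the original post or the quoted article: a mail-filter style check built from the indicators in the alert above (subject lines, attachment names, executable extensions), which also looks inside ZIP attachments, since the alert notes that the ZIP format lets the worm pass through e-mail filters. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the alert text above.
SUBJECTS = {"mail delivery system", "test", "mail transaction failed"}
ATTACHMENTS = {"document.zip", "document.pif", "doc.scr", "readme.exe",
               "file.zip", "message.zip", "oia.zip", "text.zip"}
EXEC_EXTS = (".exe", ".scr", ".pif")  # executable types named in the alert

def zip_executables(data):
    """Names of executable-type members inside a ZIP attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().strip().endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # fail closed: cannot be inspected

def inspect(raw):
    """Return (findings, quarantine) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings, quarantine = [], False
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        findings.append("subject matches alert")  # weak signal on its own
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            findings.append(f"attachment name from alert: {name}")
        if name.endswith(EXEC_EXTS):
            findings.append(f"executable attachment: {name}")
            quarantine = True
        elif name.endswith(".zip"):
            for member in zip_executables(part.get_payload(decode=True) or b""):
                findings.append(f"executable inside {name}: {member}")
                quarantine = True
    return findings, quarantine

def sample(subject, zip_member):
    """Constructed test message: harmless placeholder bytes in a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zip_member, b"placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("The message contains Unicode characters and has been sent as a binary attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect(sample("Mail Transaction Failed", "message.scr")))
```

The subject and attachment-name matches are reported but do not trigger quarantine by themselves, because "Test" and "message.zip" also occur in legitimate mail; the executable content is what drives the verdict.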
*MyDoom virus alert*
I can open it with no problems, because OE's setup on my computer is very secure.
I don't even get emails. I feel lonely
Anyway, I haven't seen a virus in my email since the Swen days.
Archived topic from Iceteks, old topic ID:1973, old post ID:16163
Ally to good!
Nightmare to you!!!
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
*MyDoom virus alert*
You can open the zip file, but if it's you open the file inside. But other security measures such as an A/V should stop it anyway, but I never take chances.
Archived topic from Iceteks, old topic ID:1973, old post ID:16166
Honk if you love Jesus, text if you want to meet Him!
*MyDoom virus alert*
Not all of the files are zip, one of them is an exe.
Anyway, I have it set so OE doesn't open attachments, or download messages when I preview them, and I also have OE set to use IE's restricted sites zone for a great deal of security. In other words, I am almost invulnerable to email viruses.
Archived topic from Iceteks, old topic ID:1973, old post ID:16169
Ally to good!
Nightmare to you!!!
-
- Posts: 5140
- Joined: Fri Jan 10, 2003 1:14 am
*MyDoom virus alert*
I thought you used Thunderbird, Brandon.
Anyway, all these viruses! I hope my mother doesn't open one. I pretty much trust her though. She's getting geekier by the month.
Archived topic from Iceteks, old topic ID:1973, old post ID:16196
- manadren_it
- Posts: 1810
- Joined: Wed Jan 01, 2003 6:48 pm
*MyDoom virus alert*
Another day, another Outlook/OE virus...
However, SCO is offering something like a $25k bounty for the guy who wrote this one. Hope somebody collects soon
Archived topic from Iceteks, old topic ID:1973, old post ID:16209
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
*MyDoom virus alert*
What does SCO have to do with this though?
Archived topic from Iceteks, old topic ID:1973, old post ID:16210
Honk if you love Jesus, text if you want to meet Him!
- manadren_it
- Posts: 1810
- Joined: Wed Jan 01, 2003 6:48 pm
*MyDoom virus alert*
Red Squirrel wrote: What does SCO have to do with this though?
Someone needs to start reading his own posts
Red Squirrel wrote: it is also thought to be flooding SCO.com with a denial-of-service attack
Archived topic from Iceteks, old topic ID:1973, old post ID:16213
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
*MyDoom virus alert*
Oh... I see, I somehow did not catch on to that part.
Archived topic from Iceteks, old topic ID:1973, old post ID:16224
Honk if you love Jesus, text if you want to meet Him!
*MyDoom virus alert*
I did, before I did a reformat.
takahita_tsukino wrote: I thought you used Thunderbird, Brandon.
Anyway, all these viruses! I hope my mother doesn't open one. I pretty much trust her though. She's getting geekier by the month.
Archived topic from Iceteks, old topic ID:1973, old post ID:16232
Ally to good!
Nightmare to you!!!