new worm

Ennia
Way too much time!
Posts: 1580
Joined: August 9, 2002, 12:15 pm
Location: Chicago

Post by Ennia »

watch out for this one
SAN JOSE, Calif. - A malicious program attached to seemingly innocuous e-mails was spreading quickly over the Internet on Monday, clogging network traffic and potentially leaving hackers an open door to infected personal computers.

The worm, called "Mydoom" or "Novarg" by antivirus companies, appears to be an e-mail error message. A small file is attached that, when launched on computers running Microsoft Corp.'s Windows operating systems, can send out 100 infected e-mail messages in 30 seconds to e-mail addresses stored in the computer's address book and other documents.


The attack was first noticed Monday afternoon. Within hours, thousands of e-mails were clogging networks, said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team.


Besides sending out e-mail, the program appears to open up a backdoor so that hackers can take over the computer later.


"As far as I can tell right now, it's pretty much everywhere on the planet," Gullotto said.


Symantec, another antivirus company, also said the worm appeared to contain a program that logs keystrokes on infected machines. It could collect usernames and passwords of unsuspecting users and distribute them to strangers.


Network Associates did not find the keylogging program.


Symantec also found code that appeared to target The SCO Group Inc., which claims some of its intellectual property has ended up in the Linux operating system and is threatening lawsuits. SCO's Web site, which has been targeted in the past, was available but sluggish late Monday.


The computer security firm Central Command confirmed 3,800 infections within 45 minutes of initial discovery.


"This has all the characteristics of being the next big one," said Steven Sundermeier, Central Command's vice president of products and services.


Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Instead, one of its messages reads: "The message contains Unicode characters and has been sent as a binary attachment."


"Because that sounds like a technical thing, people may be more apt to think it's legitimate and click on it," said Steve Trilling, Symantec's senior director of research.


Subject lines also vary. The attachments have ".exe," ".scr," ".cmd" or ".pif" extensions, and may be compressed as a Zip file.


Microsoft offers a patch of its Outlook e-mail software to warn users before they open such attachments or prevent them from opening them altogether. Antivirus software also stops infection.


Christopher Budd, a security program manager with Microsoft, said the worm does not appear to take advantage of any Microsoft product vulnerability.


"This is entirely a case of what we would call social engineering — enticing users to take actions that are not in their best interest," he said.


He said the software giant was working with other companies to learn more about the worm, but that, as of yet, the information about the worm was still "very spotty." The Redmond, Wash.-based company was encouraging users to take precautions such as using an Internet firewall and using up-to-date antivirus software.


Mydoom isn't the first mass-mailing virus of the year. Earlier this month, a worm called "Bagle" infected computers but seemed to die out quickly. So far, it's too early to say whether Mydoom will continue to be a problem or peter out, experts said.

"Over the next 24 to 48 hours, we'll have a much better sense," Trilling said. "Right now, the trend is only up."
Runcade
Gets Around
Posts: 116
Joined: October 28, 2003, 12:18 am

Post by Runcade »

my college got hit with this. everyone had like 20 emails with the bad attachment sitting on it in their inboxes
Bubba Grizz
Super Poster!
Posts: 6121
Joined: July 3, 2002, 12:52 pm
Gender: Male
Location: Green Bay, Wisconsin

Post by Bubba Grizz »

I just started a contract at Schneider National yesterday and saw the virus hit the folks on my team. They got it from one of their sites in Chicago. Looks like I will have a busy day.
Akaran_D
Way too much time!
Posts: 4151
Joined: July 3, 2002, 2:38 pm
Location: Somewhere in my head...

Post by Akaran_D »

It's another email spoofer too.
I hate those.
Akaran of Mistmoore, formerly Akaran of Veeshan
I know I'm good at what I do, but I know I'm not the best.
But I guess that on the other hand, I could be like the rest.
Aabidano
Way too much time!
Posts: 4861
Joined: July 19, 2002, 2:23 pm
Gender: Male
Location: Florida

Post by Aabidano »

Had 6 cleaned copies of it from an internal mailing list, none to my normal email account.

Network is running like shite, I'd guess we're getting pounded despite the server-side filtering.
"Life is what happens while you're making plans for later."
Deward
Way too much time!
Posts: 1653
Joined: August 2, 2002, 11:59 am
Location: Wisconsin

Post by Deward »

I saw it starting last night right as I was about to leave work. I am not on the virus team so I ignored it and went home. It was all cleaned up by the time I got back today.
Deward
Hesten
Way too much time!
Posts: 2620
Joined: April 29, 2003, 3:50 pm

Post by Hesten »

Fun thing, this is only a problem if you got users stupid enough to actually click on the email attachments.

The users at the hospital I work at ARE stupid, we had a minor test of basic IT knowledge, and 1/3 of the 3500 users flunked on basic IT knowledge.

But after we got hit with Bugbear when it came out, we've been pounding our users NOT to run attachments if they don't know what it is, and we actually got users calling our hotline to ask if email XXX is one they can open the attachments for or not.
We of course have a few people running the attachments, but we haven't had 20+ computers infected with an email virus since Bugbear (had MSBlast of course, but that one was not due to stupid users).

Just teach the users to NEVER click on attachments they don't know, remind them in mails and popups once a month, and it works.
"Terrorism is the war of the poor, and war is the terrorism of the rich"
Seebs
Way too much time!
Posts: 1158
Joined: June 5, 2003, 3:00 pm
Gender: Male

Post by Seebs »

I opened all of mine and got free porn. Guess sometimes you just have to take a chance.
Seeber
looking for a WOW server
Canoe
Way too much time!
Posts: 1361
Joined: August 28, 2002, 2:23 am
Location: Upstate New York

Post by Canoe »

Seebs = Priceless.
Skogen
Way too much time!
Posts: 1972
Joined: November 18, 2002, 6:48 pm
Location: Claremont, Ca.

Post by Skogen »

Seebs wrote: I opened all of mine and got free porn. Guess sometimes you just have to take a chance.
LMAO.


p.s. Ennia, bring back your avatar!
Ennia
Way too much time!
Posts: 1580
Joined: August 9, 2002, 12:15 pm
Location: Chicago

Post by Ennia »

you don't like "Steve"? Guy's a riot, I think I'm falling for him.

dancing girl is 60megs, it won't accept the upload, maybe I'll use her in a sig sometime
Skogen
Way too much time!
Posts: 1972
Joined: November 18, 2002, 6:48 pm
Location: Claremont, Ca.

Post by Skogen »

Ennia wrote: you don't like "Steve"? Guy's a riot, I think I'm falling for him.

dancing girl is 60megs, it won't accept the upload, maybe I'll use her in a sig sometime
WTF? 60 megs?
Ennia
Way too much time!
Posts: 1580
Joined: August 9, 2002, 12:15 pm
Location: Chicago

Post by Ennia »

sorry 60kb, still won't fit, will it?
Skogen
Way too much time!
Posts: 1972
Joined: November 18, 2002, 6:48 pm
Location: Claremont, Ca.

Post by Skogen »

Ennia wrote: sorry 60kb, still won't fit, will it?
25k is the limit...for some reason.