http://securityresponse.symantec.com/av ... .f@mm.html
Beware!
Nasty new version of a Virus(worm)...
Moderator: TheMachine
-
Diae Soulmender
- Star Farmer
- Posts: 460
- Joined: July 3, 2002, 6:27 pm
- Location: Vancouver, WA
- Contact:
Nasty new version of a Virus(worm)...
Khrashdin 80 Protection Paladin
Vox Immortalis - Hyjal-US
#1 World Ranked 10man Strict Achievement Guild
#3 World Ranked 10man Strict Progression Guild
http://www.guildox.com The Premier Guild Ranking Site
Vox Immortalis - Hyjal-US
#1 World Ranked 10man Strict Achievement Guild
#3 World Ranked 10man Strict Progression Guild
http://www.guildox.com The Premier Guild Ranking Site
-
Neost
- Almost 1337
- Posts: 911
- Joined: July 3, 2002, 1:56 pm
- Gender: Male
- XBL Gamertag: neost
- Wii Friend Code: neost
- Contact:
This is a nasty new email virus.
Nachi and MSBlaster were the worm and variant that requires patches. MSblaster was the original worm and Nachi was a variant that looks like someone wrote it to try and actually patch windows boxes that were infected. Problem was it does it by by searching for machines that are vulnerable with a flood of icmp packets, debilitating a network. Once it found vulnerable machines it attempted to apply the patch but that was usually screwed up. I've seen routers crashing from the severe flood of icmp traffic for 2 days now.
The newest threat is a variant of an old email virus that seems to be quite virulent and is flooding email systems.
Winnow, you been writing virii again?
Nachi and MSBlaster were the worm and variant that requires patches. MSblaster was the original worm and Nachi was a variant that looks like someone wrote it to try and actually patch windows boxes that were infected. Problem was it does it by by searching for machines that are vulnerable with a flood of icmp packets, debilitating a network. Once it found vulnerable machines it attempted to apply the patch but that was usually screwed up. I've seen routers crashing from the severe flood of icmp traffic for 2 days now.
The newest threat is a variant of an old email virus that seems to be quite virulent and is flooding email systems.
Winnow, you been writing virii again?
-
Zygar_ Cthulhukin
- Almost 1337
- Posts: 654
- Joined: September 4, 2002, 9:18 am
- Gender: Male
- Location: Ar-keen-saw
-
Zygar_ Cthulhukin
- Almost 1337
- Posts: 654
- Joined: September 4, 2002, 9:18 am
- Gender: Male
- Location: Ar-keen-saw
Watch out for this and Lovgate. Lovgate completely debilitated an entire city network today which took me 8 hours to isolate and fix tonight.
Lovgate apparently gets fed via Kazaa. I checked the virus out on symantec's website, and refused to believe it could be fed over kazaa, but sure enough, the 2 culprit computers on the network were both running kazaa. I am sure they will be fired tomorrow.
This fucker after executed plants more bombs in EVERY network share on any server in the organization. Then it starts mad emailing itself. First it starts off emailing itself using your exchange server, and when it fails it has a failsafe smtp daemon built in and just bypasses that.In 8 hours, the exchange server processed 7.3 million email messages, of which over half had bad addresses or bad headers and the badmail folder exploded to a whopping 4+ million entries (equating to 2 million bad mails). Once the exchange server crashed under the load, the virus went direct to the internet through the core routers, sucking the resources out of each one. After the exchange server failed, then the network basically crumbled under the load. And this isnt some wussy network, I am talking a network run with 2 cisco 3600 series core routers, with a cabletron 6000 layer 3 switch on the lan.
I won't know until tomorrow morning if the exchange message stores were corrupted since I assume its going to take all night just to run the del *.* job thats running in the badmail directory. But that 7001 ID that came up usually means break out the eseutil and hope for the best.
Please, people, be careful of what you open. All the virus protection in the world does no fucking good if you open the attachment anyway.
Im off to bed now. /rant off.
Lovgate apparently gets fed via Kazaa. I checked the virus out on symantec's website, and refused to believe it could be fed over kazaa, but sure enough, the 2 culprit computers on the network were both running kazaa. I am sure they will be fired tomorrow.
This fucker after executed plants more bombs in EVERY network share on any server in the organization. Then it starts mad emailing itself. First it starts off emailing itself using your exchange server, and when it fails it has a failsafe smtp daemon built in and just bypasses that.In 8 hours, the exchange server processed 7.3 million email messages, of which over half had bad addresses or bad headers and the badmail folder exploded to a whopping 4+ million entries (equating to 2 million bad mails). Once the exchange server crashed under the load, the virus went direct to the internet through the core routers, sucking the resources out of each one. After the exchange server failed, then the network basically crumbled under the load. And this isnt some wussy network, I am talking a network run with 2 cisco 3600 series core routers, with a cabletron 6000 layer 3 switch on the lan.
I won't know until tomorrow morning if the exchange message stores were corrupted since I assume its going to take all night just to run the del *.* job thats running in the badmail directory. But that 7001 ID that came up usually means break out the eseutil and hope for the best.
Please, people, be careful of what you open. All the virus protection in the world does no fucking good if you open the attachment anyway.
Im off to bed now. /rant off.
