 New MyDoom Variant - MEDIUM-ON-WATCH, impacting Google & search engines also |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
  Jul 26 2004, 07:29 PM
Post
#1
|
|
 Security Reporter  Group: News Reporters Posts: 487 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107  |
http://secunia.com/virus_information/10755/ http://secunia.com/virus_information/10879 http://vil.nai.com/vil/content/v_127033.htm http://www.trendmicro.com/vinfo/virusencyc...e=WORM_MYDOOM.M http://www.sarc.com/avcenter/venc/data/w32.mydoom.m@mm.html Attachments to avoid: EXE, COM, SCR, PIF, BAT, CMD, ZIP (may be doubly ZIPped) EXAMPLE:  This new variant of W32/Mydoom is packed with UPX. Similarly to previous variants, it bears the following characteristics: - mass-mailing worm constructing messages using its own SMTP engine - harvests email addresses from the victim machine - spoofs the From: address - contains a peer to peer propagation routine FREE CLEANING TOOL http://vil.nai.com/vil/stinger/ -------------------- |
 |
 
|
|
Jul 26 2004, 11:19 PM
Post
#2
|
|
 Bleep Bleep! Group: Admin Posts: 29,005 Joined: 24-January 04 From: USA Member No.: 3 |
I just got one of these emails today
-------------------- Lawrence
|
|
|
|
|
Jul 27 2004, 10:11 AM
Post
#3
|
|
 Forum Addict Group: Global Moderator Posts: 20,306 Joined: 11-April 04 From: Chicago, Il. Member No.: 113 |
This was the subject of an US-CERT Security Alert issued yesterday (SA04-208A):
This variant of MyDoom (known as MyDoom.M or MyDoom.O) is significant because it seems to be conducting searches on addresses it harvests from infected computers. Therefore, not only is email activity affected, response times in many popular search engines may be dramatically reduced. Regards, John -------------------- Whereof one cannot speak, thereof one should be silent.
|
|
|
|
|
Jul 27 2004, 10:25 AM
Post
#4
|
|
 Bleepin' Conundrum Group: Global Moderator Posts: 8,864 Joined: 26-April 04 From: 65 miles due East of the "Logic Free Zone", in Md, USA Member No.: 235 |
MyDoom virus KOs 4 search engines
That includes Google, which is preparing to go public. BYRON ACOHIDO and JON SWARTZ USA TODAY 27 July 04 SEATTLE - The latest version of the MyDoom e-mail virus, MyDoom.M, fooled tens of thousands of computer-savvy workers into triggering a disruption that knocked Internet search sites Google, Yahoo, Lycos and AltaVista off line for several hours yesterday. MyDoom.M lured office workers facing stuffed post-weekend in-boxes into opening a folder presumably holding details about an undeliverable message. As with previous versions of the virus, that action sent copies of the virus to all e-mail addresses on the victim's hard drive. The new twist: MyDoom.M, hunting for more e-mail addresses to spread itself to, also generated search queries to four of the largest search sites. The deluge knocked Google off line as it is trying to look its best for an initial public offering. The FBI has opened an investigation, but so far believes the timing was coincidental. Google is preparing one of the largest tech stock offerings ever when cybercrooks, by many measures, seem to be gaining the upper hand on Internet security. Google said a small percentage of patrons were affected, and its Web site was not significantly impaired. Yahoo said a small number of users were affected. Lycos and AltaVista declined comment. The latest virus underscores growing concern about the changing nature of hack attacks. "Viruses used to destroy data," says Bruce Townsend, deputy assistant director for investigations at the U.S. Secret Service. Now, he says, viruses are designed to filch data or "take it hostage." -------------------- |
|
|
|
|
Jul 27 2004, 10:36 AM
Post
#5
|
|
 Guru at being a Newbie Group: HJT Team Posts: 5,715 Joined: 8-April 04 Member No.: 96 |
I just got an email from Kaspersky news. Something I didn't see posted clearly that makes this even worse:
QUOTE Mydoom.m didn't only cause search engines to malfunction; its main
malicious payload is a backdoor function. Once the worm has penetrated the victim machine, it opens a port to receive remote commands. Virus writers will then have full control over the infected machine, and will be able to delete or modify data steal information, and install other programs at will. An urgent update for Kaspersky Anti-Virus databases has already been released, and a detailed description of I-Worm.Mydoom.m (http://www.viruslist.com/eng/viruslist.html?id=1927276) is now available in the Kaspersky Virus Encyclopaedia. -------------------- You know everybody is ignorant, only on different subjects.
Will Rogers To stay secure is to stay updated. Calendar of Updates. |
|
|
|
|
Jul 27 2004, 07:09 PM
Post
#6
|
|
|
Bleepin' Conundrum Group: Global Moderator Posts: 8,864 Joined: 26-April 04 From: 65 miles due East of the "Logic Free Zone", in Md, USA Member No.: 235 |
"SLATE" Magazine article claims...
"Fight Virus With Virus That's the only way to stop MyDoom." <http://slate.msn.com/id/2104432/> Go get 'em White-Hat-Hackers!!! 
-------------------- |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 10th October 2008 - 10:55 PM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.