OT: Relentless Virus Attacks

It's kind of eerie, but I'm actually getting virus attachments that have several of the group visitors' email website addresses, except the names are different.

So for example I've gotten virus attachments from... My own website! Brian Hill's website, Paul Salvador's website, etc.

Be careful out there! If you get an email with an attachment that has my website address, delete it immediately!

I always upload files to my website and provide a link anyhow.

Mike Wilson

----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----

The #1 Newsgroup Service in the World! >100,000 Newsgroups

---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

Mike J. Wilson

Btw, the first one I got on Monday was from a SolidWorks Corp email address. I have not received one from my own site or Brian's site or anyone's site relating to this ng, yet.

This virus is interesting from what I've read and has more variants to come.. What I saw of it, it sets a task schedule for doing something next month.

M$ just put a bounty of $250K for this virus.

..


Paul Salvador

Me too!! It's as if the virus is actually clever enough to know which email address you're most likely to open.

Mike


Mike J. Wilson

Paul, the original variant is set to attack the SCO site on Sunday. The second attacks both Microsoft and SCO next Tuesday. SCO has a $250K reward and Microsoft has 2 x $250K.

J. R. Carroll

I got a couple that actually threw me for a sec. It was from MY ISP telling me a message I sent didn't get thru.

Also got one that was FROM me!

Makes me kinda wonder if someone at work is infected.

-nick e.

Mike J. Wils> It's kind of eerie, but I'm actually getting virus attachments

Nick E.

Chances are that someone that knows you AND the others listed as TO or FROM has it. I think it reads the address book, perhaps in Outlook Distress or MS's.

Run its headers (or those shown in a bounce as if it came from YOU) thru spamcop.net to find out what ISP it really came from. Then send them and their abuse addresses a complaint with a copy of the headers.

Best way to stop such things AFAIK. The *real* sender's ISP should be able to deal with the infected user (I hope).

Another option: post the addresses mentioned and see who, if anyone, knows two or more of them. If anyone does, chances are fair that their machine is infected.

Update your anti-virus software now and every few days. It does take time for the anti-virus folks to update their virus databases (It's not, I hope, like they know of the virus before it becomes endemic in the wild.)

HTH

Cliff Huprich
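The header check suggested in the post above, as an added example that is not part of the original thread: it walks the `Received:` lines of a message with a forged `From:` and reports the IP address that handed the mail to servers you trust, which is the address whose ISP an abuse report should go to. The sample message, the hostnames and the `myisp.example` trust list are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample (not a real message). Servers prepend Received lines, so
# the top one is newest. From: is forged, and the bottom Received may be too.
SAMPLE = """\
Received: from mx.myisp.example (mx.myisp.example [198.51.100.10])
\tby mailstore.myisp.example with ESMTP id A1; Tue, 27 Jan 2004 10:02:11 -0500
Received: from friendpc (dsl-203-0-113-45.otherisp.example [203.0.113.45])
\tby mx.myisp.example with ESMTP id B2; Tue, 27 Jan 2004 10:02:09 -0500
Received: from mail.trusted-looking.example ([192.0.2.99])
\tby friendpc with SMTP; Tue, 27 Jan 2004 09:00:00 -0500
From: me@myisp.example
To: me@myisp.example
Subject: hi

body
"""

# "from <helo> (<rdns> [<ip>]) by <receiving host>"
RECEIVED = re.compile(
    r"from\s+(\S+)\s+\([^()\[\]]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+([^\s;]+)")

def is_trusted(host, trusted):
    """True if host is one of the trusted domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

def handoff(raw, trusted):
    """Return the hop where the mail entered servers we trust, or None."""
    msg = message_from_string(raw)
    hop = None
    for hdr in msg.get_all("Received", []):
        m = RECEIVED.search(" ".join(hdr.split()))  # unfold the header
        if not m or not is_trusted(m.group(3), trusted):
            break  # written by a host we cannot vouch for: ignore the rest
        hop = {"helo": m.group(1), "ip": m.group(2), "seen_by": m.group(3),
               "claimed_from": msg.get("From")}
    return hop

if __name__ == "__main__":
    print(handoff(SAMPLE, ["myisp.example"]))
```

Only the lines written by your own provider's servers are reliable; anything below the hand-off hop, like the `From:` field, can be made up by the sender.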

The worm searches the hard drive of the infected host computer for email addresses, and sends itself out to those addresses and "spoofs" some of those email addresses. Uses Kazaa to send itself, and doesn't specifically target just the Outlook address book (as far as any info I've seen). Yeah, I've been sent one message from "myself" also, and from my wife. Obviously someone we both know has been infected. For anyone who suspects they may be infected, there's a removal tool available from Symantec at:

snipped-for-privacy@mm.html

Be sure to read (and follow) the instructions. Reinfection is possible if you don't.

One way to tell if you're infected is to look in your \windows\system32 and \windows\system folders to see if there is a DLL named shimgapi.dll.

'Sporky'

Cliff Huprich wrote:

. . . (clip) . . .

Sporkman

I got hammered with virus-laden emails after first posting to this site via Google. I'm guessing somebody's crawler picked up the address and it went from there.

Fortunately, I used a temporary email address, which I removed from service.

TheTick

I have gotten 50 virus-laden e-mails since Dec 15, which I know isn't too bad. Most of them look like they have been cleaned by some of the systems we have in place before they even get to our server. Is there someone I should e-mail them to for research or tracking, or should I just DELETE DELETE DELETE?

Corey

Corey Scheich

I think that virus is getting controlled. Only got two copies so far today. This is a new virus.

Cliff Huprich

IIRC It can use that to spread, IF you have it installed, without needing Email to you. Otherwise it uses Email (or both).

Spotted this at spamcop.net (email news?) [ Jan 26, 2004 [19:13 EST] A new virus, alternately called Mydoom or one of the Mimail variants, is spreading quickly this afternoon. It was apparently first picked up by the virus labs the middle of this afternoon (EST). ......... ]

Note the date. Assure that your anti-virus software is later by far, just in case. Some is only updated weekly or monthly by the vendor I suspect. And THEN you must update your machine.

Good guess, anyway. But you may have gotten a bounce too (bad/old address) when your address was forged in the FROM field. I've had 3 of those so far but no copies of the virus otherwise. I know the domains they were sent TO and bounced from though ... in 2 cases.

Good info for any doing a little file sharing with Kazaa or any that suspect.

Cliff Huprich

I spoke too soon. Got 80 virus-related e-mails over the weekend; most of them were:

The MessageXchange Virus software on smtpin2.usinternet.com has reported that you were sent an E-mail from snipped-for-privacy@semo.net, containing the W32/Swen.A@mm virus in the Q823487.exe attachment.

The subject of the E-mail was "Newest Internet Security Upgrade".

Isn't that one dead yet? Anyway it was generated through this group.

Corey Scheich
