High-Outbreak Threat Alert
shanmuga
01-27-2004, 01:30 AM
UPDATE YOUR VIRUS DEFINITIONS IMMEDIATELY :eek:
W32.Novarg.A@mm or W32/Mydoom@MM is a mass-mailing worm. The worm will arrive as an attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip.
When the machine gets infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This will potentially allow a hacker to connect to the machine and utilize it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files.
The worm will perform a DoS starting on February 1, 2004. On February 12, 2004 the worm has a trigger date to stop spreading.
http://slashdot.org/article.pl?sid=04/01/27/0038234&mode=thread&tid=126&tid=128&tid=172&tid=185&tid=190&tid=201
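A defender-side check built from the indicators in the alert above, added here as an example (not part of the original post): it scans Windows `netstat -an` output for TCP listeners on ports 3127 through 3198 and flags attachment names ending in the listed extensions. The function names and the sample input are constructed for illustration.

```python
import re

# Values taken from the alert above.
BACKDOOR_PORTS = range(3127, 3199)  # TCP 3127 through 3198 inclusive
RISKY_EXTENSIONS = (".bat", ".cmd", ".exe", ".pif", ".scr", ".zip")

# Matches a TCP line of Windows `netstat -an` output in the LISTENING state
# and captures the local address and local port.
_LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b", re.IGNORECASE)


def suspicious_listeners(netstat_text):
    """Return the sorted ports in 3127-3198 that have a TCP listener."""
    hits = set()
    for line in netstat_text.splitlines():
        m = _LISTEN_RE.match(line)
        if m and int(m.group(2)) in BACKDOOR_PORTS:
            hits.add(int(m.group(2)))
    return sorted(hits)


def risky_attachments(filenames):
    """Return names whose final extension is one the alert lists.

    Only the last extension counts, so 'document.txt.pif' is flagged.
    Trailing whitespace and letter case are ignored.
    """
    return [n for n in filenames if n.strip().lower().endswith(RISKY_EXTENSIONS)]


# Constructed sample input (not captured from a real host).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3150      203.0.113.9:80         ESTABLISHED
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:3128           *:*
"""
SAMPLE_ATTACHMENTS = ["report.pdf", "document.txt.pif", "Message.ZIP", "notes.doc "]

if __name__ == "__main__":
    print("listeners in backdoor range:", suspicious_listeners(SAMPLE_NETSTAT))
    print("attachments to quarantine:", risky_attachments(SAMPLE_ATTACHMENTS))
```

A listener in this range is only a lead: confirm which process owns the port before treating the host as infected.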
jeeza
01-27-2004, 06:03 AM
How do they know when it is going to start ?
From examining the code ?
PrntRhd
01-27-2004, 09:07 AM
Yes,
This time the code was encrypted too. Uses victims' computers in Denial of Service attacks against SCO.
And goes into Kazaa network.
And leaves new back doors open.
I posted last night in the Forums re first reports on this..in "why use AV". here (http://www.pcguide.com/vb/showthread.php?s=&postid=164502#post164502)
pave_spectre
01-27-2004, 09:11 AM
Looks like you both beat IXL to the punch.:D
http://www.pcguide.com/vb/showthread.php?s=&threadid=27542
Uses victims' computers in Denial of Service attacks against SCO.
I wonder if it was written by some linux people by any chance.
http://www.pcguide.com/vb/showthread.php?s=&threadid=27543
No, not written by any Linux gurus.......the coding is too darn sloppy for that.
It is about half encrypted........
And I don't know........for once they picked on someone worth picking on......:D
jeeza
01-27-2004, 03:00 PM
Originally posted by mjc
No, not written by any Linux gurus.......
Linux disciples more probably ?
PrntRhd
01-27-2004, 09:43 PM
No,
probably written by someone who hates lawyers/corporations, etc and doesn't mind using innocent computer users to do so.
shanmuga
01-28-2004, 01:10 AM
Originally posted by jeeza
How do they know when it is going to start ?
From examining the code ?
Yes, by examining its code.
some related comments and links.
"This worm is far more efficient and far smarter than we've seen in the past," said Yoran, who worked at anti-virus software company Symantec Corp. before moving to the Homeland Security Department.
According to Symantec, the worm also installs a "key logger" that can capture anything that is entered, including passwords and credit card numbers, and will start sending requests for data to SCO's Web site. If enough requests are sent, the SCO site could be forced off-line.
SCO Offers $250,000 MyDoom Reward
http://news.netcraft.com/archives/2004/01/27/outages_continue_as_sco_offers_250000_mydoom_reward.html
Online Jubilation About MyDoom's SCO Attack
http://www.extremetech.com/article2/0,3973,1464429,00.asp
Have you been to the Slashdot (http://slashdot.org/article.pl?sid=04/01/27/0038234) , some interesting, some outrageous comments........[Page Down to see the comments and change the view to flat for easier read, more than 835 comments...] A must visit.
PrntRhd
01-28-2004, 09:25 AM
This is one of the quotes from Slashdot:
Google now shows Caldera as the first hit for a search on "litigious bastards", while www.litigiousbastards.com (a site about SCO) comes up about five down. Go team!
Mostly confirmed that it isn't Linux supporters.......
http://www.messagelabs.com/news/virusnews/detail/default.asp?contentItemId=733&region=america
pentachris
01-28-2004, 04:12 PM
A new version discovered that attacks M$.
Here (http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89494,00.html).
PrntRhd
02-01-2004, 12:13 AM
Not only that, it now tries to block access to security sites.
classicsoftware
02-01-2004, 12:19 AM
I CAN'T BELIEVE THIS HAS SPREAD ALL OVER THE NET. WHEN WILL IDIOT USERS WAKE UP AND STOP OPENING ATTACHMENTS WHEN THEY ARE NOT EXPECTING THEM. MAYBE AFTER THEY GET A VIRUS THAT FORMATS THE HARD DRIVE AND FLASHES THE BIOS THEY WILL STOP.
Anyway, that's my 2 cents. Why are people opening these attachments?
stefanus
02-01-2004, 11:28 AM
Maybe it is because they are new to computers?? There have been instances on these forums when even one or two of the upper Geeks have been caught;) :D I cannot or will not recall their names :cool:
Stefanus
shanmuga
02-02-2004, 02:36 AM
wxw.sco.com ddosed
Take it easy by netcraft
"In fact, the author of the MyDoom virus has delegated control of the most enormous volume of http traffic that the Internet has yet seen to hxstmaster@sco.com. On a whim, SCO can direct that Tsunami at an object of their choosing, simply by changing an A record in named.conf in time for the change to propagate by Sunday."
www.sco.com is a weapon of mass destruction (http://news.netcraft.com/archives/2004/01/30/wwwscocom_is_a_weapon_of_mass_destruction.html)
Business like by Reuters
"The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of American software firm SCO Group with a massive data blitz. The speed and severity of the attack surprised security officials. "It was spectacularly successful," said Mikko Hypponen, research manager at Finnish anti-virus firm F-Secure."
MyDoom Net Worm Scores Hit, Knocks Out SCO Site (http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=4256399)
stefanus
02-06-2004, 06:18 PM
I have just done a STUPID thing. After opening my mail box I clicked on a returned mail message. It opened so quickly! I realised that I had not sent any e-mails for the past 24 Hrs. What must I look out for now:(
I ran NAV immediately but found nothing. It was just not me. I never open anything that I do not recognise. It looked genuine until the penny dropped, asking me to click on the link to the Postmaster.
Quote from NEIL George. Accidents do not just happen they are caused!!
And do I not now know it
Stefanus
Budfred
02-06-2004, 10:10 PM
You know how to do all the security scans and check the HJT log... Probably a good idea to do so....
stefanus
02-07-2004, 09:27 AM
Thanx! Budfred for those kind and reassuring words;) Will do.
Stefanus