New Virus

[I.am]

I know most of you dont open attachments like me. But there are many who do.

-----------

A mass-mailing virus quickly spread through the Internet on Monday, compromising computers so that they attack the SCO Group's Web server with a flood of data on Feb. 1, according to antivirus companies.

The virus--known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies--arrives in an in-box with one of several different random subject lines, such as "Mail Delivery System," "Test" or "Mail Transaction Failed." The body of the e-mail contains an executable file and a statement such as: "The message contains Unicode characters and has been sent as a binary attachment." ...

... More Info & Source

[shn]

It wont be infecting mine

[I.am]

Originally posted by shn@27 January 2004 - 00:18
It wont be infecting mine

i know

[shn]

SCO Group sucks anyway. Their the ones that want to charge for linux.

I hope they get dd0sed out of existance!

[I.am]

The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

--->

SCO's Web site was taken offline by denial-of-service attacks a handful of times in the last year, none of which had been initiated by a virus. In the past, the company has blamed Linux sympathizers for at least one of the attacks.

shn, what are you upto now

[shn]

[4play]

this will probably look bad on the linux community. who else would want to attacks sco.

apart from google, the bsd community, the australian goverment ,just about everyone that uses linux and all the people they sent bills to for $699 for using their intellectual property even though their court case looks about ready to collapse.

this virus requires you to unzip it and execute the binary payload. unless you are a complete muppet its gonna be quite hard to get infected.

[I.am]

Yup. But its in executable form as well. It also copies itself to kazaa's shared directory and renames itself as diff. software names.

[shelly]

WHILE WILD BIRDS apparently are dropping stone dead from the sky in Thailand from influenza, the MyDoom worm continues to wreak havoc in the PC world.
According to Kaspersky Labs, the infection – also known as Novarg, likely was written in Russia.

The firm said that over a few hours the program infected around 300,000 computers worldwide. And, Kaspersky says, the sudden explosion of the worm means that the virus writers have prepared the attack carefully.

It said that when the worm infected a critical mass of computers in the network, a command was sent to mail MyDoom out – the same approach used by Sobig.F.

The worm has a random falsified sender address, eight possible message headers, 18 possible attachment names and five possible extensions to attached files, said Kaspersky.

It spreads not only by email but through the Kazaa network, said Kaspersky, and masquerades under different names such as winamp5 and icq2004-final.

If the attachments are clicked on, the worm opens a Notebook window with random characters, makes two files in the Windows folder – taskmon.exe and shimgapi.dll. These files enter the system registry auto run key.

The worm then scans the disk for email addresses and mails copies of itself all over the place. It also installs a proxy server on the infected computer so that a machine can be used to spam or mass mail new versions, said Kaspersky.

It also installs a backdoor letting the virus writer control PCs, remove or change data, and install third party programs.

It also includes a module to organise a denial of service attack on the SCO web site, to be activated between the 1st and the 12th of February.

This is Post from another forum, my thanks to Bluedevil

[james_bond_rulez]

these guys know a thing or two about networking.....

very impressive...

open proxy.... wow