*

Recent Posts

Welcome, Guest. Please login or register.
November 15, 2024, 12:40:37 PM

Login with username, password and session length

Members
  • Total Members: 61
  • Latest: AciDeX
Stats
  • Total Posts: 28505
  • Total Topics: 1915
  • Online Today: 121
  • Online Ever: 569
  • (August 02, 2024, 06:20:39 AM)
Users Online
Users: 0
Guests: 18
Total: 18

Permissions

Author Topic: WORM_MIMAIL.R  (Read 2494 times)

0 Members and 1 Guest are viewing this topic.

Offline ZWarrior

  • Administrator
  • Hero Member
  • *****
  • Posts: 7798
  • Karma: 8
  • Shhh! Be wery wery qwiet...
    • View Profile
    • Ambush!
WORM_MIMAIL.R
« on: January 27, 2004, 10:02:13 AM »
There is a widespread outbreak of the WORM_MIMAIL.R email worm.

This worm is spoofing the sender's email address. If you receive one of these emails, the person in the FROM: address is NOT the person who sent it to you.

If you are running an email server with antivirus software that bounces virus infected emails, FOR GOD'S SAKE STOP BOUNCING THEM! You are participating in a denial of service attack by bouncing viruses at people who are not infected. You could even infect them yourself! STOP BOUNCING THEM!

If you receive an email like the one described below, DON'T OPEN IT! Delete it immediately, update your antivirus program and scan. If you don't have an antivirus, get one.
http://www.nod32.com/ Nod32 $39.00 (The best AV available) http://www.grisoft.com/ AVG Free (Good enough for the price)

Description From Trendmicro:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004 1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the spread of WORM_MIMAIL.R.

Also known as W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm

This mass-mailing worm selects from a list of email subjects, message bodies, and attachment file names. It can also propagate using the Kazaa peer-to-peer file sharing network.

It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004.

It runs on Windows 98, ME, NT, 2000 and XP.

It sends email with the following details:

Subject: (any of the following)
• Error
• Status
• Server Report
• Mail Transaction Failed
• Mail Delivery System
• hello
• hi

Message Body: (any of the following)
• The message contains Unicode characters and has been sent as a binary attachment.
• The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
• Mail transaction failed. Partial message is available.
• test

Attachment: &ltRandom name>.zip
--------------------------------
Zoë: Shepard, isn't the Bible kind of specific about killing?
Book: Very specific. It is, however, somewhat fuzzy around the area of kneecaps.

Offline Boomslang

  • Hero Member
  • *****
  • Posts: 1715
  • Karma: 5
    • View Profile
    • http://www.xbitlabs.com/
WORM_MIMAIL.R
« Reply #1 on: January 28, 2004, 07:13:28 AM »
It came to me today as hi saw this post and others and delete away it went.


All right. got another one

[Edited on 1-28-2004 by Boomslang]

Offline JollyRoger

  • That's Captain
  • Hero Member
  • *****
  • Posts: 3965
  • Karma: 5
  • I be plundering the interweb for booty.
    • View Profile
WORM_MIMAIL.R
« Reply #2 on: January 28, 2004, 10:39:58 AM »
SCO claims to have a $250,000 bounty out on whoever created it.
No matter how hard you try to push the envelope, remember it's only stationary.

Offline ZWarrior

  • Administrator
  • Hero Member
  • *****
  • Posts: 7798
  • Karma: 8
  • Shhh! Be wery wery qwiet...
    • View Profile
    • Ambush!
WORM_MIMAIL.R
« Reply #3 on: January 28, 2004, 04:22:41 PM »
they just want to spend some of that cash they see coming from the licensing of the Linux kernal.

I want it paid as a cashier's check or cash.  No company checks thank you very much.
--------------------------------
Zoë: Shepard, isn't the Bible kind of specific about killing?
Book: Very specific. It is, however, somewhat fuzzy around the area of kneecaps.