E-mail worm alert: Mydoom/Novarg.A

We've seen a fair amount of e-mail messages containing the latest in unimaginative e-mail worm technology, dubbed W32/Mydoom@MM by McAfee and W32.Novarg.A@mm by Symantec. It usually appears in the form of a .zip attachment but may take on any of the usual file extensions. Its main purpose is to spread and make its victims participate in a DoS attack on sco.com (insert political statement here). The frequency of rejected messages on the mail servers due to unkosher attachments has been rising since about 17:00 EST so you will probably find copies of it in your mailbox very soon.

Be careful. Antivirus programs may need to be manually updated.

Anyway, more data here:

http://www.datafellows.com/v-descs/novarg.shtml
http://securityresponse.symantec.com...varg.a@mm.html

[generic]

Yes, Just got a few return messages from people I never emailed too with the virus, looks like its possibly sending return emails too faking them as returned mail.


FIX is to just download current virus definitions and run a complete scan.

Of course, thats basic spoofing technology in Viruses nowadays. Most new worms now:

1) Run their own SMTP Server (Straight connect to target)
2) Choose Random TO and FROM: addresses

This does not make it difficult to track at all. In fact, I just received one to my private box, and a bounce. Nice.

All I can say is... When will people learn NOT to open attachments?!?!

This one comes in ZIP format to, so its gonna get through the block on SMTP ... It was only a matter of time...

[admin]

it says something about doing a dos on feb 1. But it says nothing about who and what it will dos. I wounder when we will find out who and what it will dos..

[admin]

Never mind looks like they will be hitting sco.com that sucks..

[jmbeach]

Quote:

Originally Posted by Bladesnitz

All I can say is... When will people learn NOT to open attachments?!?!

Are you kidding me? Every time one of these comes out, I get the same clients calling me saying they've done something very bad, and I continue to tell them (in my nicest strong language) not to open anything, even from people you know. Never works, though, and I guess it's a good thing for me - tech support pays pretty well

[resell01]

Ok, you gave us spam control, how about virus protection???

We block executables. Any additional virus scanning would be seriously intensive on the server, ESPECIALLY in this case where they are in archives. Thats a serious load issue when you want us to scan your messages and your archived files... Unziping aint cheap when it comes to server resources.

[Vixen]

Quote:

Originally Posted by resell01

Ok, you gave us spam control, how about virus protection???

I would never dream of expecting someone else to scan all of my mail. Plus, what happens if they delete something you actually WANTED?? Then of course, you would be upset but in reality it would not be there fault. Norton's and McAfee are both relatively cheap and give you the control of setting up the amount of protection you want on your computer.

[resell01]

Just a suggestion. SpamAssasin scans all your mail (if you want it to). Option to 'Delete' or move to specific folder. Yep Norton is cheap and I tell my customers the same thing your saying (and it does spam and virus protection). Anyways....just a thought...

[nickp]

Is there any way that vortech can block some of these bounces? There has to be some kind of pattern to it. Maybe just drop any bounced mail that has a zip attached or something to that affect..

My clients are well informed when it comes to avoiding virii. I think it's their friends that are causing the most trouble. I keep getting "I didn't send this" reports and I have to explain to them how the whole spoofing thing works and it's turning into a big ordeal.

[jmbeach]

I'm sure they are doing what they can to minimize the damage - remember, they have to pay for bandwidth and personnel to remedy these situations. In the end, they can only do so much, and your customers have to know that this is a global issue, not one with a simple fix.

[nickp]

End users do not always know how big the issue is. They do however expect me to make the issue go away.

[jmbeach]

Quote:

Originally Posted by nickp

End users do not always know how big the issue is. They do however expect me to make the issue go away.

No offense, but this is a really naive way for customers to look at the situation, no matter how much they pay us to support them. If it's all over the news, it's a big deal, and all of our customers must learn that they are as responsible as we are. If they don't want to be responsible, they have to learn to deal with consequences and must be ready to pay for the added support.

We host here, we don't hand hold. My opinion.

Ignorance - pure and simple.

This virus is on national news, so if your customers just want it to 'go away', well then tell them to wait till hotmail and yahoo and aol take care of it first. I'm sure they might actually be having problems. And not lets forget about SCO, shaking in their boots about to be DoS (lamen terms - they are on the brink of a slaughter).

If they really want someone to blame, blame Microsoft, everyone else seems to... But in my opinion, the only people to blame are those that are still ignorant enough to open up any attachment that comes into their mailbox. I dont even open attachments from people I know, unless its a picture. I dont even open office documents...