[383MontecarloSS]

New type of virus came out last friday and its one tricky ****. We got it here at work and almost crashed our whole system. Even if you delete it when you get it, it doesnt go away! A lady here at work got an e-mail and didnt recognize so she deleted. Once deleted the e-mail shot straight to her adress book and took a name then re-e-mailed it self to another employee. That employee thinking this fellow employee e-mailed him, he opened the e-mail and within a couple of mins nearly crashed our whole system.

Everyone update your virus scan since this patch just came out a couple of days ago

[Kevin45]

Yea....and what is the name of the virus? Most virus are nothing more than everyone e-mailing everyone telling them about a virus. Then what it does is jam up the e-mail systems. I find it hard to believe if it always happens to someone else or he said,she said, and not even a name for it. Check out www.snopes.com and see if it is a hoax or not.

Kevin

[383MontecarloSS]

Its called the DOOM worm.

[blndweasel]

myDoom won't infect your system unless you actually open the email. It's possible that your co-worker, in the process of deleting the message, allowed the email to display in their "preview pane" which essentially causes the email client to read the entire email message. As standard practice in our department, we disable the preview pane in Microsoft Outlook, to prevent this from happening. In rare cases, the virus payload is in the email message header, and your system can get infected without actually opening it.

All this boils down to, is that your IT department needs to employ a good email filtering schema, and needs to be scanning incoming messages and quarrantine suspect viruses. Course that's all a load of beans if you aren't keeping your virus definitions up to date.

the blonde weasel
san diego, CA

[Kevin45]

Well I found this on Symnatecs website.

http://securityresponse.symantec.com...varg.a@mm.html

http://www.symantec.com/avcenter/hoax.html


W32.Mydoom.A@mm (also known as W32.Novarg.A) is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

There is a 25% chance that a computer infected by the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date.




--------------------------------------------------------------------------------
Notes:
Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread.
Symantec Security Response has developed a removal tool to clean the infections of W32.Mydoom.A@mm.
Virus definitions dated prior to February 4, 2004 will detect this threat as W32.Novarg.A@mm.

--------------------------------------------------------------------------------


Also Known As: W32.Novarg.A@mm, W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]

Type: Worm
Infection Length: 22,528 bytes, variable file size for a .zip attachment



Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

[crazy larry]

it works. my home puter caught it. sob hasn't worked right since. so i just unplugged it.

[machine shop tom]

And people wonder why I prefer Macs!