New High Outbreak Virus

Tuesday, January 27, 2004 by yrag | Discussion: WinCustomize News

Method of Infection

This file tries to spread via email and by copying itself to the shared directory for Kazaa clients if they are present.

The mailing component harvests address from the local system. Files with the following extensions are targeted:

wab
adb
tbb
dbx
asp
php
sht
htm
txt
Additionally, the worm contains strings, which it uses to randomly generate, or guess, addresses.

SoliD_NuTs
Reply #1 Tuesday, January 27, 2004 2:30 AM
that was close!! i was just about to check my email but decided i would checke wincustomize first and, i saw your news post and updated my norton right away then when i whent to check my email i found 5 emails with the vrius!!!lol

thanks for the post yrag
joetheblow
Reply #2 Tuesday, January 27, 2004 3:01 AM
thanks for the info
Weaksid
Reply #3 Tuesday, January 27, 2004 5:32 AM
Glad my definitions are up to date
MadIce
Reply #4 Tuesday, January 27, 2004 6:34 AM
Yesterday NAI mailed about an emergency update (4318 files) and 9 hours later I got another one... The 4319 files.

The first one was about the W32/Dumaru.y@MM and the last one about W32/MyDoom@MM.

Looks like those people at McAfee were working late.
mormegil
Reply #5 Tuesday, January 27, 2004 8:45 AM
I got 1776 of these last night while I was sleeping. Got to love these dam things.
scratch_pentagon
Reply #6 Tuesday, January 27, 2004 3:48 PM
apparently it performs a DDOS attack on sco.com. this is the first ever virus i'd ever willingly install.
docx
Reply #7 Tuesday, January 27, 2004 4:53 PM
ya I had two show up today. Luckly Norton caught them right away and I deleated them. They came from the stardock newsgroup... Not saying its stardocks fault or anything.
karb0n
Reply #8 Tuesday, January 27, 2004 6:44 PM
I'll second scratch_pentagon!
yrag
Reply #9 Wednesday, January 28, 2004 8:47 PM
Earlier today they discovered different variants of the 'mydoom' virus. These versions not only perform DOS attacks on SCO and Microsoft, but they also prevent any connection from an infected computer to any of the AV sites. Most AV proggies are making new DAT updates available now or will later tonight. This is the third DAT update for this virus in as many days, so do not assume you have the latest.

Please login to comment and/or vote for this skin.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

  • Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
  • Access to a great community, with a massive database of many, many areas of interest.
  • Access to contests & subscription offers like exclusive emails.
  • It's simple, and FREE!



web-wc01