New virus infects PCs, whacks SCO (9:00 PM ET)
http://news.com.com/2100-7349_3-5147605.html?tag=nefd_top
</paste>
update: A mass-mailing virus quickly spread through the Internet on Monday,
compromising computers so that they attack the SCO Group's Web server with a
flood of data on Feb. 1, according to antivirus companies.
In one hour, Network Associates itself received 19,500 e-mails bearing the
virus from 3,400 unique Internet addresses, Gullotto said. One large
telecommunications company has already shut down its e-mail gateway to stop
the virus.
....The virus affects computers running Windows versions 95, 98, ME, NT, 2000
and XP.
The virus also copies itself to the Kazaa download directory on PCs, on
which the file-sharing program is loaded. The virus camouflages itself,
using one of seven file names, including Winamp5, RootkitXP, Officecrack and
Nuke2004. Variations in the body text include: "The message cannot be
represented in 7-bit ASCII encoding and has been sent as a binary
attachment."
Early data indicated an epidemic several times the size of the Sobig.F
virus... "At its current run rate, we will trap almost *8 million* in a
day," [said the vice president of engineering at e-mail service provider
Postini]. The company quarantined only 1,400 copies of Sobig.F in its first
day and 3.5 million copies of the virus during that epidemic's peak 24-hour
period.
</paste>
GAry said:
Sigh... I'm always tempted to test my AV (after updating, of course.) Got a half
dozen of these in the last few hours (my open address here invites such.)
Yup, ETrust now caught this one--Message.Zip containing a PIF file, Document.Zip
containing an SCR file, both infections identified as Win32.Mydoom.A worm.
Hey, maybe I should be forwarding these emails directly to CA. Heck, I must get
them about as soon as they're released. Whaddya think, <bg>? Maybe just the ones
that I know are viruses but an updated ETrust doesn't identify as such?
Naw. Wouldn't get paid, and I do enough volunteer work as it is.
This one is nasty--beware.
W32.Novarg.A@mm
aka W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend]
Discovered on: January 26, 2004
Last Updated on: January 26, 2004 03:30:48 PM
Category 4 - Severe
Dangerous threat type, difficult to contain. The latest virus
definitions should be downloaded immediately and deployed.
-Wild: High
-Damage or Distribution: High
http://www.symantec.com/avcenter/venc/data/[email protected]
http://vil.nai.com/vil/content/v_100983.htm
http://www.f-secure.com/v-descs/novarg.shtml
http://www3.ca.com/virusinfo/virus.aspx?ID=38102