geeman
07-27-2004, 12:00 PM
Hey folks,
Just want to give everyone a heads` up. There are several versions of
MyDoom running around right now. Version O is the latest (that I know of)
and it spoofs email addresses and has a bit of sneaky prose in it along
with the attached virus:
>From: "The Post Office" <postmaster@oracle.wizards.com>
>To: birthright-l-request@oracle.wizards.com
>Subject: Returned mail: Data format error
>Date: Tue, 27 Jul 2004 01:23:51 -0700
>X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>X-ELNK-AV: 0
>
>Dear user birthright-l-request@oracle.wizards.com,
>
>Your email account has been used to send a large amount of spam during
>this week.
>Most likely your computer had been compromised and now runs a trojan proxy
>server.
>
>We recommend that you follow instruction in order to keep your computer safe.
>
>Sincerely yours,
>oracle.wizards.com support team.
Below this text is an attached file called (in the version sent me)
"birthright-l-request@oracle.wizards.com" which is, of course, the
virus. Cute, huh?
Here`s a link to the McAfee description of the virus:
http://vil.nai.com/vil/content/v_127033.htm
Though the above message appears to come from the Wizards` server that
doesn`t mean that the wizards` server is infected. In fact, it probably
isn`t, but if you get something that looks like it`s from wizards--or just
about anyone at the moment--and has an attachment there`s a pretty good
chance its not what it appears to be.
If you`re using Norton/Semantic antivirus, BTW, they appear to be up to
version M of this virus as of the time of this writing. I`m sure they`ll
catch up soon, but if you`re using that software be particularly on your
guard since it will get past their realtime scanning.
Gary
Just want to give everyone a heads` up. There are several versions of
MyDoom running around right now. Version O is the latest (that I know of)
and it spoofs email addresses and has a bit of sneaky prose in it along
with the attached virus:
>From: "The Post Office" <postmaster@oracle.wizards.com>
>To: birthright-l-request@oracle.wizards.com
>Subject: Returned mail: Data format error
>Date: Tue, 27 Jul 2004 01:23:51 -0700
>X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>X-ELNK-AV: 0
>
>Dear user birthright-l-request@oracle.wizards.com,
>
>Your email account has been used to send a large amount of spam during
>this week.
>Most likely your computer had been compromised and now runs a trojan proxy
>server.
>
>We recommend that you follow instruction in order to keep your computer safe.
>
>Sincerely yours,
>oracle.wizards.com support team.
Below this text is an attached file called (in the version sent me)
"birthright-l-request@oracle.wizards.com" which is, of course, the
virus. Cute, huh?
Here`s a link to the McAfee description of the virus:
http://vil.nai.com/vil/content/v_127033.htm
Though the above message appears to come from the Wizards` server that
doesn`t mean that the wizards` server is infected. In fact, it probably
isn`t, but if you get something that looks like it`s from wizards--or just
about anyone at the moment--and has an attachment there`s a pretty good
chance its not what it appears to be.
If you`re using Norton/Semantic antivirus, BTW, they appear to be up to
version M of this virus as of the time of this writing. I`m sure they`ll
catch up soon, but if you`re using that software be particularly on your
guard since it will get past their realtime scanning.
Gary