• Thank you for visiting HeavyEquipmentForums.com! Our objective is to provide industry professionals a place to gather to exchange questions, answers and ideas. We welcome you to register using the "Register" icon at the top of the page. We'd appreciate any help you can offer in spreading the word of our new site. The more members that join, the bigger resource for all to enjoy. Thank you!

New Virus Threat

Steve Frazier

Founder
Staff member
Joined
Oct 30, 2003
Messages
6,653
Location
LaGrangeville, N.Y.
Virus Alert: New variant of Mydoom,W32.Mydoom.M@mm



Systems Affected:
Windows 9.X, ME, NT, 2000, XP, Server 2003

The newest variant of the Mydoom virus, W32.Mydoom.M@mm, is a mass-mailing worm that has its own email engine. Once a computer is infected, the worm will immediately search through all files for email addresses and begin emailing itself out in volume. The virus will also download and install a backdoor program onto the infected machine.

The attachment name may contain a randomly selected domain, which was found on the sender's system. For example, the attachment name could contain fakedomain.com if the address x@fakedomain.com was harvested.

The From field of the email is spoofed. Email may appear to be from an administrator from your ISP or other well known domains.

Subject lines may contain the following:

say helo to my litl friend
click me baby, one more time
hello
error
status
test
report
delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error


Solutions:

Run and maintain an antivirus product. It is important for users to update their antivirus software on a regular basis. Many antivirus packages support automatic updates of virus definitions. We recommend using those automatic updates when available. Common antivirus vendors are noted below.
Use extreme cautions opening any email attachments with the extensions: .exe, .pif, .scr, .bat, .com, .lnk, .hta, or .shs. These files have the potential to contain malicious code that may infect the user's PC with a virus or damage the user's system.
Check for security updates for your operating system and email software with the manufacturer.
Install a software firewall that will warn you of software that attempts to gain network access.
Detailed information, including removal instructions can be found below.

Additional Information On This Virus:

http://www.sarc.com/avcenter/venc/data/w32.mydoom.m@mm.html

Antivirus Vendors:

Symantec - http://www.symantec.com/avcenter
McAfee - http://www.mcafee2b.com/avert/virus-alerts/default.asp
Computer Associates - http://www3.ca.com/virus
F-Secure Corp - http://www.fsecure.com/virus-info/
Norman Data Defense Systems - http://www.norman.com
Sophos - http://www.sophos.com
Trend Micro - http://www.antivirus.com/vinfo





© Copyright 2004 CSC Holdings, Inc.


As I have received bogus mail from this website in the past, I want to warn our members that we will never send you an attachment, do not open any attachments in an e-mail with a xxxx@heavyequipmentforums.com return address.
 

BRL

Senior Member
Joined
Oct 29, 2003
Messages
271
Location
Somerset, NJ
"As I have received bogus mail from this website in the past, I want to warn our members that we will never send you an attachment, do not open any attachments in an e-mail with a xxxx@heavyequipmentforums.com return address."

Steve,
Just wanted to repeat that part for any members who might not have read the details in the virus warning part. They might have not realized you added that at the end if they skipped the technical discussion.

Glad you posted that actually. In another E-mail style forum I belong to several members posted they had received "undelivered email" messages from the forum addy, when they hadn't sent any. I was pretty sure they probably have a virus, but now I can steer them in the exact right direction.
 
Top