Beethoven.com

[OperaTenor]

I've been receiving 3-4 viruses(i.e., very suspicious-looking, and from unfamiliar addresses) per day in my b.com e-mail inbox for the last few days. Anyone else?

[Nicole Marie]

Are they the MyDoom virus that contains subjects like "status" and "test"?

[OperaTenor]

Some have said that, others have said "mail delivery notification" and "hello". All show attachments. I've been deleting them outright whenever they show up. I don't seem to be getting them at all at my Juno e-mail address, which is where I do all of my business, and where all of the spam I get shows up.
I have Norton SystemWorks, and subscribe, so I get regular virus updates, but nevertheless don't want to take any chances with these.
Is anyone else out there receiving this kind of stuff?

<small>[ 02-09-2004, 04:09 PM: Message edited by: operatenor ]</small>

[piqaboo]

I've gotten 5-6 of the "mail delivery notifications" at work, where we have big hairy scary anti-virus software and small fast mean smart IS people hunting down the ones that get away.

The email itself is standard "cant deliver" text, the problem is that I never sent an email to these addresses in the first place.

I have not opened any of the attachments.

I use McAfee at home and havent gotten any of this kind of email on that account.

[EJA]

Yes, the e-mails you describe are most likely the latest e-mail worm virus MyDoom, or one of its variants. This virus raids the address box of a victim machine, randomly selecting pairs of addresses. It uses one of the pair for the originating, and the other of the pair for the destination, address of a new e-mail which it then sends. This new e-mail is, of course, a virus vector, and this is what you are seeing in your address box. The payload is located in the attachment(s) of the vector e-mail which masquerades as a failed mail message. The text of the vector usually has some enticement to open the attachment, for instance a claim that the attachment contains information on why the purported (but non-existent) message was not delivered, or the first N lines of the message. This should be your second clue (after the fact that you don't recollect sending the supposed failed message). No mail server that I am aware of puts its explanation for failed delivery in an attachment. They all put the explanation in the text of the e-mail. As long as you do not open the attachments you will be perfectly safe. You should, of course, delete the vector e-mails that show up in your inbox, (make sure that the attachments are being deleted with the messages). Should you open the attachment, one of a number of things might happen (there are several variants now that do different things), but the most disturbing thing is that the virus installs a keyboard shim which intercepts and stores key strokes before they reach your operating system. Thus passwords and any encrypted message or file that you type are stored in plain text and are available to any hacker who has a key to the MyDoom back door. This virus is also associated with zombie denial of service attacks directed against SCO and Microsoft. I'm not sure if this is coordinated by the virus itself, or by some ancillary software that takes advantage of the backdoor created by the virus to coordinate a mass denial of service attack. In any case, it seems that the hackers don't have enough to do once again, and we users will be victimized if we don't stay sharp and informed.

Ed: "Users? Stay? Sharp? Informed? You've got to be kidding!"

"Ed, it's on of those rhetorical things; I'm sure you wouldn't understand."

[OperaTenor]

Thanks, Ethan.

Do you know if Norton and McAfee have caught up with it in their virus definitions?

[EJA]

I think that they have. Nevertheless, the best defense is not opening the attachments and deleting the e-mails and the attachments. The thing wouldn't spread at all if anti-virus software were the answer. Anti-virus software isn't predictive or preemptive at this point. It protects you from the main body of the enemy, but not from his skirmishers. Anti-virus software, almost by definition, has to be at least slightly behind the curve of virus development. Just remember, when it comes to computers, "Those who make them are like them; so is everyone who trusts in them."

[piqaboo]

Here is yet another new ugly, notification courtesy of our IS group.
Note: "CoName" has been substituted for the company's name thruout.
Note: the virus may use your company name in the email that tries to get you to activate it.
Dear Users:

We've been alerted to a new method of viruses spreading that we all need to be aware of, effective immediately.

You may receive an email that looks something like the one below. You will be instructed to open an attached file in order to remove the virus -- the virus is actually encrypted in the attachment and may not be intercepted by our server yet.

Please do NOT open the attachment -- delete the email message from both your Inbox folder and from your Deleted folder.



EXAMPLE Virus Email :

Dear user of e-mail server "CoName.com",
Some of our clients complained about the spam (negative e-mail content)

outgoing from your e-mail account. Probably, you have been infected by

a proxy-relay trojan server. In order to keep your computer safe,

follow the instructions.

Pay attention on attached file. <piq note- grammar errors are soooo common in these things!>

Attached file protected with the password for security reasons. Password is 85485.

Sincerely,

The CoName.com team http://www.CoName.com

[BenODen]

These virus writers are coming up with good excuses to open up zip file attachments, BAH! I think I'd endorse mail coming only from some ISP mail server now... Blah.

[1st_oboe]

Nasty buggers! The secretary here at the college music deparment fell for a virus in an email a couple days ago. It found its way to a shared drive, then on to all the computers attached to that drive. It was a nasty little worm that copied itself about 10 times in every folder on every computer.

I did the disinfection on this computer and found over 7000 copies of the worm. I'm sure it was just as bad on the other 10 or so computers affected.

We've got all the computers cleaned. Sadly though, most of the data on the shared drive was lost. It was class lists, promotional material for our concerts, etc. A lot of work gone.

Cheers!
Aaron

[BenODen]

No backups!? How unwise! (quietly slips out to backup his hard drive)

<small>[ 04-01-2004, 07:42 PM: Message edited by: Benito Of Denver ]</small>