homepage Welcome to WebmasterWorld Guest from 54.234.141.47
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

This 116 message thread spans 4 pages: 116 ( [1] 2 3 4 > >     
New Virus Running Novarg Worm
Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4498 posted 12:49 am on Jan 27, 2004 (gmt 0)

[us.mcafee.com...]

 

MarkHutch

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 12:52 am on Jan 27, 2004 (gmt 0)

Oh yes, I've seen them coming in the past couple of hours. Anti catching them all, but they are spreading around.

markis00

10+ Year Member



 
Msg#: 4498 posted 1:15 am on Jan 27, 2004 (gmt 0)

Yeah, the only thing worse is the huge amount of MSN picture hacking going on

Visit Thailand

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 1:22 am on Jan 27, 2004 (gmt 0)

Thanks Brett - here is symantec's take:

securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

We have received a whole load this morning.

sidewinder

10+ Year Member



 
Msg#: 4498 posted 1:24 am on Jan 27, 2004 (gmt 0)

Yes. I don't normally get these, but this one I'm receiving at random addresses for one of my domains.

also: msn picture hacking? care to elaborate?

iJeep

10+ Year Member



 
Msg#: 4498 posted 1:50 am on Jan 27, 2004 (gmt 0)

OMG--I'm getting tons of e-mails since this afternoon with .zip attachments saying the message could not be delivered.

I hate new virii...they fill up my email for weeks until people finally figure out they are the ones with it.

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4498 posted 2:47 am on Jan 27, 2004 (gmt 0)

They're trickling into Japan now...<yuck>

NeverHome

10+ Year Member



 
Msg#: 4498 posted 2:51 am on Jan 27, 2004 (gmt 0)

This is the first day back at work in Taiwan (after Chinese New Year holiday). Mailboxes will be full and people are bound to open emails with less precaution than usual. I expect this will dramatically compound the problem.

superpower

10+ Year Member



 
Msg#: 4498 posted 2:53 am on Jan 27, 2004 (gmt 0)

I'm getting clobbered.

nippi

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 2:56 am on Jan 27, 2004 (gmt 0)

15 per hour here in Australia

Kirby

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 3:01 am on Jan 27, 2004 (gmt 0)

Im getting 100s an hour. The spoofing is going to victimize alot that are unaware.

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4498 posted 3:15 am on Jan 27, 2004 (gmt 0)

Getting hammered here - turning of email functions on WebmasterWorld for the time being.

MarkHutch

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 3:29 am on Jan 27, 2004 (gmt 0)

I hope it's ok to post this message from SPAMCOP.NET.

[19:13 EST] A new virus, alternately called Mydoom or one of the Mimail variants, is spreading quickly this afternoon. It was apparently first picked up by the virus labs the middle of this afternoon (EST). At 6:15 p.m. EST our antivirus software company issued a new data file which catches it and our automatic update procedures picked up the new virus definitions at 6:47 p.m. At this point, all SpamCop email is protected from the virus but there were a few hours this afternoon between the introduction of the virus and when we get the new definitions where the virus was delivered to email accounts. As always, don't open attachments you haven't requested, even if they appear to be from people you know.

Oaf357

10+ Year Member



 
Msg#: 4498 posted 3:39 am on Jan 27, 2004 (gmt 0)

This one is particularly nasty. I have yet to see it (thank God for server level spam filters) but I don't expect to go for too long before someone I know is infected.

Hey, at least it DDOSes sco.com. Not that I agree with cybercrimes but I couldn't think of a better company to do it to.

markis00

10+ Year Member



 
Msg#: 4498 posted 3:45 am on Jan 27, 2004 (gmt 0)

sidewinder:

MSN picture hacking. Someone got into my profile and hacked my picture. They knew I was jewish and put nazi material all over it. They even knew where I lived...

I don't think they hacked my entire profile as none of it was changed. My friend had his hacked too, so I know it's some kind of new microsoft vunreability, maybe in the .net framework or server apps.

I posted about it but no one really seemed to care.

Visit Thailand

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 3:58 am on Jan 27, 2004 (gmt 0)

Question: How do I delete or block all emails at the server level (for the whole server not just individual domains) which have an attachment of .exe .pif or .scr?

I do not mind if the attachment and email are deleted just want them gone.

What is the best software to use?

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4498 posted 4:54 am on Jan 27, 2004 (gmt 0)

Mcafee says when the attachment is run, it creates a file named: taskmon.exe

Does Windows already have a file by that name, because I found that file.

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4498 posted 4:55 am on Jan 27, 2004 (gmt 0)

taskmon.exe is a standard Windows file. I wouldn't kill it if I were you.

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4498 posted 4:56 am on Jan 27, 2004 (gmt 0)

Thanks Bill, that's what I wanted to know (wipes his brow...)

Visit Thailand

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 5:00 am on Jan 27, 2004 (gmt 0)

I noticed that too, wonder how many people think ahh and kill their real task manager!

superpower

10+ Year Member



 
Msg#: 4498 posted 5:24 am on Jan 27, 2004 (gmt 0)

Hint: do a Google search on taskmon.exe

louiseB

10+ Year Member



 
Msg#: 4498 posted 5:28 am on Jan 27, 2004 (gmt 0)

Thanks for the warning guy's.

lasko

10+ Year Member



 
Msg#: 4498 posted 6:28 am on Jan 27, 2004 (gmt 0)

Yep woke up 6:30 this morning received an alert from Norton, updated it, and blocked all .pif,.bat,.scr,.exe,.zip,.bas and few others at the server so I wont receive it.

However I did get one email with a very suspicious attachement which I deleted. That was before I put a block on the server.

Never seen something move so fast, i mean I finished last night at 11:30pm woke up at 6:30am and I receive many alerts!

This one will hurt people!

All webmaters should look into blocking attachments at the server. Their are many attachments these days I don't require people to send me.

If your on a commercial basis like .com .net etc then it would be wise to look into it.

I have managed to block so many unwanted attachements..

Take care guys!

Hanu

10+ Year Member



 
Msg#: 4498 posted 7:54 am on Jan 27, 2004 (gmt 0)

I can only say that I am very happy to have implemented my own custom anti-virus measures years ago on my mail server. It's simple but effective: I simply block all types of executable attachments that I know of.

If someone wants to send us an executable attachment like a self-extracting zip archive, they have to put a special text in the body.

The problem with relying on auto-updating AntiVirus Software (which I also use) is that some viruses spread faster than the auto-updates.

dirkz

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4498 posted 8:37 am on Jan 27, 2004 (gmt 0)

I suspect it abuses one of my domains as email in the from-header for replicating. Besides the official virus mails I get bombed with "Virus removed" mails.

Anyone having the same problem?

lasko

10+ Year Member



 
Msg#: 4498 posted 8:49 am on Jan 27, 2004 (gmt 0)

I suspect it abuses one of my domains as email in the from-header for replicating. Besides the official virus mails I get bombed with "Virus removed" mails.

Only 1 of my domains also, but this was before I placed my block not sure if the block would stop it or not.

Our block only stops the email arriving to our computers, maybe if someone who was infected and had your email address in their address book, it would then send the virus to someone else and it would appear from you. Then a warning message is sent to your email address even though your not the original sender.

swizz

10+ Year Member



 
Msg#: 4498 posted 9:07 am on Jan 27, 2004 (gmt 0)

Just started here in Switzerland... I made a special fitler for my mail server, really annoying!

- swizz

tedster

WebmasterWorld Senior Member tedster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4498 posted 9:18 am on Jan 27, 2004 (gmt 0)

How do I delete or block all emails at the server level (for the whole server not just individual domains) which have an attachment of .exe .pif or .scr?

Ah, but this baby is a .zip file which unzips to .pif. That makes it trickier.

dazz

10+ Year Member



 
Msg#: 4498 posted 9:24 am on Jan 27, 2004 (gmt 0)

Yeh im in UK and started to recieve this virus yesterday.

So far have managed to stop it with mailwasher and Norton.

I hate these virus ppl grrrrrrr :¦

lasko

10+ Year Member



 
Msg#: 4498 posted 9:26 am on Jan 27, 2004 (gmt 0)

Ah, but this baby is a .zip file which unzips to .pif. That makes it trickier.

Yes, for the first time I am blocking the Zip files.

I would say 90% are being blocked at the moment but some still manage to get through.

I received one with

.htm

which surprised me and yet NAV says:

.pif
.scr
.exe
.cmd
.bat
.zip

This 116 message thread spans 4 pages: 116 ( [1] 2 3 4 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved