Welcome to WebmasterWorld Guest from 54.226.62.26

Forum Moderators: phranque

Message Too Old, No Replies

New Virus Running Novarg Worm

     

Brett_Tabke

12:49 am on Jan 27, 2004 (gmt 0)

MarkHutch

12:52 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Oh yes, I've seen them coming in the past couple of hours. Anti catching them all, but they are spreading around.

markis00

1:15 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Yeah, the only thing worse is the huge amount of MSN picture hacking going on

Visit Thailand

1:22 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks Brett - here is symantec's take:

securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

We have received a whole load this morning.

sidewinder

1:24 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Yes. I don't normally get these, but this one I'm receiving at random addresses for one of my domains.

also: msn picture hacking? care to elaborate?

iJeep

1:50 am on Jan 27, 2004 (gmt 0)

10+ Year Member



OMG--I'm getting tons of e-mails since this afternoon with .zip attachments saying the message could not be delivered.

I hate new virii...they fill up my email for weeks until people finally figure out they are the ones with it.

bill

2:47 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



They're trickling into Japan now...<yuck>

NeverHome

2:51 am on Jan 27, 2004 (gmt 0)

10+ Year Member



This is the first day back at work in Taiwan (after Chinese New Year holiday). Mailboxes will be full and people are bound to open emails with less precaution than usual. I expect this will dramatically compound the problem.

superpower

2:53 am on Jan 27, 2004 (gmt 0)

10+ Year Member



I'm getting clobbered.

nippi

2:56 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



15 per hour here in Australia

Kirby

3:01 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Im getting 100s an hour. The spoofing is going to victimize alot that are unaware.

Brett_Tabke

3:15 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Getting hammered here - turning of email functions on WebmasterWorld for the time being.

MarkHutch

3:29 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I hope it's ok to post this message from SPAMCOP.NET.

[19:13 EST] A new virus, alternately called Mydoom or one of the Mimail variants, is spreading quickly this afternoon. It was apparently first picked up by the virus labs the middle of this afternoon (EST). At 6:15 p.m. EST our antivirus software company issued a new data file which catches it and our automatic update procedures picked up the new virus definitions at 6:47 p.m. At this point, all SpamCop email is protected from the virus but there were a few hours this afternoon between the introduction of the virus and when we get the new definitions where the virus was delivered to email accounts. As always, don't open attachments you haven't requested, even if they appear to be from people you know.

Oaf357

3:39 am on Jan 27, 2004 (gmt 0)

10+ Year Member



This one is particularly nasty. I have yet to see it (thank God for server level spam filters) but I don't expect to go for too long before someone I know is infected.

Hey, at least it DDOSes sco.com. Not that I agree with cybercrimes but I couldn't think of a better company to do it to.

markis00

3:45 am on Jan 27, 2004 (gmt 0)

10+ Year Member



sidewinder:

MSN picture hacking. Someone got into my profile and hacked my picture. They knew I was jewish and put nazi material all over it. They even knew where I lived...

I don't think they hacked my entire profile as none of it was changed. My friend had his hacked too, so I know it's some kind of new microsoft vunreability, maybe in the .net framework or server apps.

I posted about it but no one really seemed to care.

Visit Thailand

3:58 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Question: How do I delete or block all emails at the server level (for the whole server not just individual domains) which have an attachment of .exe .pif or .scr?

I do not mind if the attachment and email are deleted just want them gone.

What is the best software to use?

keyplyr

4:54 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Mcafee says when the attachment is run, it creates a file named: taskmon.exe

Does Windows already have a file by that name, because I found that file.

bill

4:55 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



taskmon.exe is a standard Windows file. I wouldn't kill it if I were you.

keyplyr

4:56 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Thanks Bill, that's what I wanted to know (wipes his brow...)

Visit Thailand

5:00 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I noticed that too, wonder how many people think ahh and kill their real task manager!

superpower

5:24 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Hint: do a Google search on taskmon.exe

louiseB

5:28 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Thanks for the warning guy's.

lasko

6:28 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Yep woke up 6:30 this morning received an alert from Norton, updated it, and blocked all .pif,.bat,.scr,.exe,.zip,.bas and few others at the server so I wont receive it.

However I did get one email with a very suspicious attachement which I deleted. That was before I put a block on the server.

Never seen something move so fast, i mean I finished last night at 11:30pm woke up at 6:30am and I receive many alerts!

This one will hurt people!

All webmaters should look into blocking attachments at the server. Their are many attachments these days I don't require people to send me.

If your on a commercial basis like .com .net etc then it would be wise to look into it.

I have managed to block so many unwanted attachements..

Take care guys!

Hanu

7:54 am on Jan 27, 2004 (gmt 0)

10+ Year Member



I can only say that I am very happy to have implemented my own custom anti-virus measures years ago on my mail server. It's simple but effective: I simply block all types of executable attachments that I know of.

If someone wants to send us an executable attachment like a self-extracting zip archive, they have to put a special text in the body.

The problem with relying on auto-updating AntiVirus Software (which I also use) is that some viruses spread faster than the auto-updates.

dirkz

8:37 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I suspect it abuses one of my domains as email in the from-header for replicating. Besides the official virus mails I get bombed with "Virus removed" mails.

Anyone having the same problem?

lasko

8:49 am on Jan 27, 2004 (gmt 0)

10+ Year Member



I suspect it abuses one of my domains as email in the from-header for replicating. Besides the official virus mails I get bombed with "Virus removed" mails.

Only 1 of my domains also, but this was before I placed my block not sure if the block would stop it or not.

Our block only stops the email arriving to our computers, maybe if someone who was infected and had your email address in their address book, it would then send the virus to someone else and it would appear from you. Then a warning message is sent to your email address even though your not the original sender.

swizz

9:07 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Just started here in Switzerland... I made a special fitler for my mail server, really annoying!

- swizz

tedster

9:18 am on Jan 27, 2004 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



How do I delete or block all emails at the server level (for the whole server not just individual domains) which have an attachment of .exe .pif or .scr?

Ah, but this baby is a .zip file which unzips to .pif. That makes it trickier.

dazz

9:24 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Yeh im in UK and started to recieve this virus yesterday.

So far have managed to stop it with mailwasher and Norton.

I hate these virus ppl grrrrrrr :¦

lasko

9:26 am on Jan 27, 2004 (gmt 0)

10+ Year Member



Ah, but this baby is a .zip file which unzips to .pif. That makes it trickier.

Yes, for the first time I am blocking the Zip files.

I would say 90% are being blocked at the moment but some still manage to get through.

I received one with

.htm

which surprised me and yet NAV says:

.pif
.scr
.exe
.cmd
.bat
.zip

This 116 message thread spans 4 pages: 116
 

Featured Threads

Hot Threads This Week

Hot Threads This Month