Oh yes, I've seen them coming in the past couple of hours. Anti catching them all, but they are spreading around.

Yeah, the only thing worse is the huge amount of MSN picture hacking going on

Thanks Brett - here is symantec's take:

securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

We have received a whole load this morning.

Yes. I don't normally get these, but this one I'm receiving at random addresses for one of my domains.

also: msn picture hacking? care to elaborate?

OMG--I'm getting tons of e-mails since this afternoon with .zip attachments saying the message could not be delivered.

I hate new virii...they fill up my email for weeks until people finally figure out they are the ones with it.

They're trickling into Japan now...<yuck>

This is the first day back at work in Taiwan (after Chinese New Year holiday). Mailboxes will be full and people are bound to open emails with less precaution than usual. I expect this will dramatically compound the problem.

I'm getting clobbered.

15 per hour here in Australia

Im getting 100s an hour. The spoofing is going to victimize alot that are unaware.

Getting hammered here - turning of email functions on WebmasterWorld for the time being.

I hope it's ok to post this message from SPAMCOP.NET.

[19:13 EST] A new virus, alternately called Mydoom or one of the Mimail variants, is spreading quickly this afternoon. It was apparently first picked up by the virus labs the middle of this afternoon (EST). At 6:15 p.m. EST our antivirus software company issued a new data file which catches it and our automatic update procedures picked up the new virus definitions at 6:47 p.m. At this point, all SpamCop email is protected from the virus but there were a few hours this afternoon between the introduction of the virus and when we get the new definitions where the virus was delivered to email accounts. As always, don't open attachments you haven't requested, even if they appear to be from people you know.

This one is particularly nasty. I have yet to see it (thank God for server level spam filters) but I don't expect to go for too long before someone I know is infected.

Hey, at least it DDOSes sco.com. Not that I agree with cybercrimes but I couldn't think of a better company to do it to.

sidewinder:

MSN picture hacking. Someone got into my profile and hacked my picture. They knew I was jewish and put nazi material all over it. They even knew where I lived...

I don't think they hacked my entire profile as none of it was changed. My friend had his hacked too, so I know it's some kind of new microsoft vunreability, maybe in the .net framework or server apps.

I posted about it but no one really seemed to care.

Question: How do I delete or block all emails at the server level (for the whole server not just individual domains) which have an attachment of .exe .pif or .scr?

I do not mind if the attachment and email are deleted just want them gone.

What is the best software to use?

Mcafee says when the attachment is run, it creates a file named: taskmon.exe

Does Windows already have a file by that name, because I found that file.

taskmon.exe is a standard Windows file. I wouldn't kill it if I were you.

Thanks Bill, that's what I wanted to know (wipes his brow...)

I noticed that too, wonder how many people think ahh and kill their real task manager!

Hint: do a Google search on taskmon.exe

Thanks for the warning guy's.

Yep woke up 6:30 this morning received an alert from Norton, updated it, and blocked all .pif,.bat,.scr,.exe,.zip,.bas and few others at the server so I wont receive it.

However I did get one email with a very suspicious attachement which I deleted. That was before I put a block on the server.

Never seen something move so fast, i mean I finished last night at 11:30pm woke up at 6:30am and I receive many alerts!

This one will hurt people!

All webmaters should look into blocking attachments at the server. Their are many attachments these days I don't require people to send me.

If your on a commercial basis like .com .net etc then it would be wise to look into it.

I have managed to block so many unwanted attachements..

Take care guys!

I can only say that I am very happy to have implemented my own custom anti-virus measures years ago on my mail server. It's simple but effective: I simply block all types of executable attachments that I know of.

If someone wants to send us an executable attachment like a self-extracting zip archive, they have to put a special text in the body.

The problem with relying on auto-updating AntiVirus Software (which I also use) is that some viruses spread faster than the auto-updates.

I suspect it abuses one of my domains as email in the from-header for replicating. Besides the official virus mails I get bombed with "Virus removed" mails.

Anyone having the same problem?

I suspect it abuses one of my domains as email in the from-header for replicating. Besides the official virus mails I get bombed with "Virus removed" mails.

Only 1 of my domains also, but this was before I placed my block not sure if the block would stop it or not.

Our block only stops the email arriving to our computers, maybe if someone who was infected and had your email address in their address book, it would then send the virus to someone else and it would appear from you. Then a warning message is sent to your email address even though your not the original sender.

Just started here in Switzerland... I made a special fitler for my mail server, really annoying!

- swizz

How do I delete or block all emails at the server level (for the whole server not just individual domains) which have an attachment of .exe .pif or .scr?

Ah, but this baby is a .zip file which unzips to .pif. That makes it trickier.

Yeh im in UK and started to recieve this virus yesterday.

So far have managed to stop it with mailwasher and Norton.

I hate these virus ppl grrrrrrr :¦

Ah, but this baby is a .zip file which unzips to .pif. That makes it trickier.

Yes, for the first time I am blocking the Zip files.

I would say 90% are being blocked at the moment but some still manage to get through.

I received one with

.htm

which surprised me and yet NAV says:

.pif
.scr
.exe
.cmd
.bat
.zip