amitymamaThe Attachment Parenting Community

Pixie's~Mama · 01-27-2004, 12:12 AM

I've had this virus pop up in 6 emails so far today and some other WAHM's that I know are getting it, too. Better update and run your system scans!

Here's the link to the Symantec site: http://www.symantec.com/avcenter/ven...varg.a@mm.html

And a cut and paste of some of the info found on said page:

W32.Novarg.A@mm is a mass-mailing worm. The worm will arrive as an attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip.

When the machine gets infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This will potentially allow a hacker to connect to the machine and utilize it as a proxy to gain access to it's network resources. In addition, the backdoor has the ability to download and execute arbitrary files.

The worm will perform a DoS starting on February 1, 2004. On February 12, 2004 the worm has a trigger date to stop spreading.

--------------------------------------------------------------------------------
Note: Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread.
--------------------------------------------------------------------------------

Also Known As: W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend]

Type: Worm
Infection Length: 22,528 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

saharamama · 01-27-2004, 12:15 AM

Beat ya to it

... this one sure is annoying me ...I'm getting about10 every 5 minutes ... helps that my domain name used to be owned by a korean baby gear manufacturer and they still have their mail forwarded to my email account. BLUGH!!!

Too bad it doesn't disappear for another few weeks. It's going to drive me batty!

Jes

Dannielle · 01-27-2004, 12:44 AM

but what does it actually do? I never understand what the bottom line of viruses and worms is. Other than filling email boxes, that is.

saharamama · 01-27-2004, 01:09 AM

According to my computer nerdy SO ... the purpose of these worms is to increase network traffic to the point where it can cripple some mail servers.

Quote:

The worm will perform a DoS starting on February 1, 2004. On February 12, 2004 the worm has a trigger date to stop spreading.

A DoS is a Denial of service ... basically it'll get the mail servers so busy that they can't do their jobs properly ... may even crash them.

I have to wonder where these things originate and why they're written ... someone somewhere has to benefit from this. But it's driving me batty ... I'd shut off the affected account (so it stops filling my outlook inbox) except I'm waiting on some auction payments.

HTH

Jes

Serena · 01-27-2004, 04:29 AM

So what exactly does a worm DO? I mean, I keep getting these funny emails with no text. The subject line is "hi" and the sender is someone I don't know. There is an attatchment called "text.pif"
I just delete these mails... does that mean my computer is infected?

LaVieBoheme · 01-27-2004, 08:05 AM

This is why everyone should run Linux.

Then you wouldn't get these viruses! *lol*

bluemountain · 01-27-2004, 08:57 AM

I woke up to it this morning and I am so annoyed. All the infected emails are coming from AW email addresses too. I think dh opened one because my Norton's said that it could not quarantine infected program. Am I screwed now? What do I do with this? UGH!!!!!

Pixie's~Mama · 01-27-2004, 10:55 AM

Okay, I am by no means an expert on this subject; not even close. But, I will try to answer a fwe questions.

First off, this is the most important part of that mumbo jumbo above:

W32.Novarg.A@mm is a mass-mailing worm. The worm will arrive as an attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip.

When the machine gets infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This will potentially allow a hacker to connect to the machine and utilize it as a proxy to gain access to it's network resources. In addition, the backdoor has the ability to download and execute arbitrary files.

The worm will perform a DoS explained above by Saharamama starting on February 1, 2004. On February 12, 2004 the worm has a trigger date to stop spreading.

So, a few things, based on MY understanding. Maybe someone else can come along and explain this better. Renata? (where is Renata?)

1) Don't open attachments. I got suckered into this last night becuase I was using a web-based acct that often attaches the actual text of a message if it's in a funky font. KWIM? It *looked* like it was from a business colleauge, but it wasn't. Bottom line: If you're not expecting an email with an attachment from a specific person, then delete the email. I usually delete them from my inbox and then go delete them from the "deleted items" folder or purge the deleted messages.

2) Run your virus updates and run scans regularly. I ran 4 last night just to be sure because I may have messed up when I tried to open that attachment above. But none of the system scans come up with anything. (I need to check into this further. Does anyone know if this worm hides? IOW, if it is on my computer is it possible that it's not showing up in the scans?) ANYWAY, if you don't have an antivirus system, a friend told me about this free program last night http://www.grisoft.com/us/us_index.php

3) bluemountain ~ go to the Symantect site via that link in the OP and it tells you there what to do to get it off your computer. Run a virus scan first to see if you can find it. I'm still checking on the details about this, but it won't hurt for you to run a scan.

Again, I AM NOT AN EXPERT. LOL

Halo · 01-27-2004, 11:11 AM

if this is a similar 'worm' but I got a bunch of e-mail notifications today, saying that my message could not be sent - they included a file attachment of the supposed e-mail. Just be very careful to look at where your stuff is coming from, language and wording, etc. NEVER open an attachment without verification of what's in it, even if it comes from family/friends - and let them know to C&P forwards, etc.

Pixie's~Mama · 01-27-2004, 11:17 AM

Quote:

Originally posted by Halo
if this is a similar 'worm' but I got a bunch of e-mail notifications today, saying that my message could not be sent - they included a file attachment of the supposed e-mail.

Yep, it's the same one...

Quote:

The email will have the following characteristics:
From: may be a spoofed from address

Subject:
(one of the following)
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error

Message:
(one of the following)
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Attachment:
(one of the following)
document
readme
doc
text
file
data
test
message
body

--------------------------------------------------------------------------------
Notes:
The attachment may have two suffixes. If so, the first suffix will be one of the following:
.htm
.txt
.doc

The worm will always end with one of the following suffixes:
.pif
.scr
.exe
.cmd
.bat
.zip