Odd e-mails

  • EeeekPenguins
    Your local fucktard
    • Jan 2003
    • 456

    #1

    Odd e-mails

    Lately I have been receiving odd e-mails in my Yahoo account in my bulk folder. These e-mails are from people I don't know and either have the subject of "Hi", "Hello", or just garbled letters. They also have something attached to them. I have been getting 5+ a day. It seems like it must be some sort of worm (MSBlaster?) because all of the e-mails are coming from addresses that don't sound as if they are web based. If anyone has any suggestions please let me know or if they have an idea of what all of this is.
    The penguin is watching.
    "The DefCon forums dont reward knowledge, but punish iggnorance." -Noid
  • astcell
    Human Rights Issuer
    • Oct 2001
    • 7512

    #2
    I hope you did not view them. What you have there is the MyDoom virus. The successor, MyDoom-B, will not even have to be clicked on to open.

    Go to any of the anti-virus folks to download a free zapper for the MyDoom virus just to make sure you are safe.

    By the way, catch the dude who wrote the code and you can be over a quarter million dollars richer.

    Comment

    • EeeekPenguins
      Your local fucktard
      • Jan 2003
      • 456

      #3
      I opened one a week or so ago but deleted it almost right away. I haven't noticed any changes on my computer but I will go to one of the anti-virus folks and have it fixed. Thanks, astcell.
      The penguin is watching.
      "The DefCon forums dont reward knowledge, but punish iggnorance." -Noid

      Comment

      • iduru
        Member
        • Dec 2003
        • 2

        #4
        That probably wasn't MyDoom that you opened last week as it just surfaced on Tuesday...

        ...and back to lurking I go.

        Comment

        • Qu|rk
          Member
          • Jan 2004
          • 178

          #5
          MyDoom.a isn't bad, many good fixes out for it. It's MyDoom.b which was recently discovered in China (18ish hours ago), is highly polymorphic and as of this morning, no antivirus has released or issued any cleaners or a/v updates for. I have yet to see the source, but I would like to find the bastard that wrote it, 250k would allow me to invest in a T-3 at the house! - if you're running *nix, you can stop all the spam if you have SpamAssassin installed, just modify it to deny all mail with attachments that have an attachment of 22,528 bytes, and all .zip files unless in the trusted users list. I also did a bit of port blocking, TCP 3127-3198 specifically so any stupid users on the network I administer don't get it and participate in the DoS attack.

          Sidenote: I think Microsoft will be fine with what will occur, if they make the logical choice in how to divert bandwidth and all the GET requests they will receive.

          Comment
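The attachment rule described in post #5, sketched as a stand-alone Python filter. This is an added example, not part of the original thread and not a SpamAssassin rule; the function names, the trusted list and the sample messages are constructed for illustration, and it assumes the size rule applies to every sender while the .zip rule is waived for trusted ones.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUSPECT_SIZE = 22_528                        # attachment size quoted in the post
TRUSTED_SENDERS = {"colleague@example.org"}  # hypothetical trusted users list


def verdict(raw: bytes, trusted=TRUSTED_SENDERS) -> str:
    """Return 'accept' or 'reject: <reason>' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Assumed reading: the size rule applies to every sender.
        # Compare the decoded size, not the base64 length on the wire.
        if len(payload) == SUSPECT_SIZE:
            return f"reject: {name or 'unnamed'} is exactly {SUSPECT_SIZE} bytes"
        # The .zip rule is waived only for senders on the trusted list.
        if name.endswith(".zip") and sender not in trusted:
            return f"reject: .zip attachment from untrusted sender {sender}"
    return "accept"


def build_sample(sender: str, filename: str, size: int) -> bytes:
    """Constructed test message carrying one attachment of `size` zero bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.net", "Hi"
    m.set_content("constructed sample body")
    m.add_attachment(bytes(size), maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [  # constructed inputs, not captured mail
        ("stranger@example.com", "document.scr", 22_528),
        ("stranger@example.com", "report.zip", 1_000),
        ("colleague@example.org", "report.zip", 1_000),
        ("stranger@example.com", "notes.txt", 300),
    ]
    for sender, fname, size in samples:
        print(sender, fname, size, "->", verdict(build_sample(sender, fname, size)))
```

The From header is trivially forged, so a trusted list keyed on it only shows the shape of the rule; a real deployment would key trust on something authenticated.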

          • astcell
            Human Rights Issuer
            • Oct 2001
            • 7512

            #6
            Last time MS knew they were going to be hit they simply removed windowsupdate.com and nothing happened. However, that is like not keeping money at the bank so it cannot be robbed. :>

            I have received hundreds of these virii now, thank heavens they go to one folder in e-mail and Sophos catches them as they land. I only wish my ISP caught them instead of simply defanging them.

            Comment

            • Qu|rk
              Member
              • Jan 2004
              • 178

              #7
              Very valid point, this attack is going to be different I do believe though. Last time they tried bandwidth attacks, which were stopped at fiber routers via filtering before they got close. This time all they know is that Windows is targeted in some form, no specific target declared in regards to Windows.... and with the GET requests they're using, I'm surprised they didn't take a different approach and use DRDoS - I don't condone it, nor am I giving ideas but it's something to consider when trying to find the one behind it.

              Qu|rk

              Comment

              • lil_freak
                Innocent and Cute
                • Jul 2003
                • 808

                #8
                Originally posted by iduru
                That probably wasn't MyDoom that you opened last week as it just surfaced on Tuesday...

                ...and back to lurking I go.

                The MyDoom email came out before Tuesday, it was out by Jan. 22, but had not started to spread worldwide till Monday, Jan. 26, causing most of its damage.
                "It is difficult not to wonder whether that combination of elements which produces a machine for labor does not create also a soul of sorts, a dull resentful metallic will, which can rebel at times". Pearl S. Buck

                Comment

                • lil_freak
                  Innocent and Cute
                  • Jul 2003
                  • 808

                  #9
                  Originally posted by astcell
                  Last time MS knew they were going to be hit they simply removed windowsupdate.com and nothing happened. However, that is like not keeping money at the bank so it cannot be robbed. :>

                  MS should have done more though. It seems as if MyDoom likes to take out IE. So, hopefully everyone uses Netscape or something else other than IE to access the internet.

                  Also, if you do get MyDoom, make sure that all of your TCP & UDP Bridge Ports are checked because it likes to try and open an access to them.

                  You can close these ports so MyDoom cannot gain access, however you may be looking at a lot of ports.
                  "It is difficult not to wonder whether that combination of elements which produces a machine for labor does not create also a soul of sorts, a dull resentful metallic will, which can rebel at times". Pearl S. Buck

                  Comment

                  • noid
                    Fun Enforcement Agent
                    • Oct 2001
                    • 2394

                    #10
                    Another interesting MyDoom.b twist. Apparently it also blocks you from hitting most AV sites (Symantec, etc).

                    I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

                    Comment

                    • astcell
                      Human Rights Issuer
                      • Oct 2001
                      • 7512

                      #11
                      That's easy to fix if you know anything about lmhost files.

                      Comment

                      • ch0l0man
                        Veterano
                        • Jul 2002
                        • 521

                        #12
                        W32/MyDoom-B
                        "so many books, so little time"

                        Comment

                        • CompGeek
                          Member
                          • Jan 2004
                          • 10

                          #13
                          Bulk folders...

                          I have several email accounts...and it seems that anytime you subscribe to an email newsletter or have to input your email address on the web anywhere, you get slammed with bulk crap mail. It could also just be where garble trash mail goes by default.....not sure.

                          But I have seen the same issue across Lycos, Yahoo, Netscape, and Hotmail.

                          Best rule of thumb in my opinion, is always dump the bulk mail without even looking at it.

                          99.9999999999999999% it's marketing crap.

                          But this seems to be the norm across any free email services.

                          Comment
