
01-28-2004, 12:30 AM
|
Executive Editor
Join Date: Aug 2006
Posts: 29,160
|
|
Community Service Warning: What You Should Know About the Mydoom Worm
"W32/Mydoom@MM spreads through e-mail. This worm can disguise the sender's address, a tactic known as spoofing, and may generate e-mail messages that appear to have been sent by Microsoft. Many of the addresses Mydoom uses are valid addresses that are being spoofed for malicious purposes.
Technical information about the virus is available from antivirus vendors participating in the Microsoft Virus Information Alliance (VIA). The Mydoom worm is also known by the names Novarg, Shimg, and Mimail.R.
If you ever receive a questionable e-mail message that contains an attachment, do not open the attachment. If you cannot confirm with the sender that the message is valid and that the attachment is safe, delete the message immediately. If you receive a questionable message that purports to be from Microsoft, you should be aware that Microsoft never distributes software through e-mail."

01-28-2004, 12:34 AM
|
Ponderer
Join Date: Dec 2003
Posts: 95
|
|
You may also receive a bounce back that the email "you" sent was rejected due to a virus.
This does not mean your system sent it. The spoofing involves the virus extracting email addresses from users' address books (which may contain your email address, i.e. a friend has you in contacts) and then sending multiple emails on your behalf without ever asking you!
Nasty indeed.

01-28-2004, 12:54 AM
|
Intellectual
Join Date: Jul 2002
Posts: 146
|
|
Wow, after reading this I checked with my anti-virus supplier, and in the time it took me to read the info on the worm, the reported incidences had increased four-fold in the UK! 8O
Regards
David

01-28-2004, 01:16 AM
|
Pontificator
Join Date: Mar 2002
Posts: 1,329
|
|
hehe. My e-mail client is set up to auto strip any executable attachments before I even touch them and my filters are set up to ax any HTML e-mails. All my contacts know this. So it's not a problem for me. Thanks anyways.
__________________
PDA History: Palm Pilot 5000 -> Apple Newton 2100 -> Casio E-11 -> iPaq 3650 (64MB Upgrade) -> iPaq 3700 -> Casio EM-500 -> HP Jornada 568 -> HP iPaq hx4705 www.spreadfirefox.com
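The kind of filter described in the post above, stripping executable attachments before the message reaches the reader, sketched as an added example; it is not code from any poster or mail client in this thread. The blocked-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for this sketch; a real deployment would tune it.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".cmd", ".bat", ".com")

def strip_executables(raw: bytes):
    """Parse a raw message and return (cleaned message, removed filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _prune(msg, removed)
    return msg, removed

def _prune(part, removed):
    """Drop blocked attachments from a multipart container, recursing into children."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        # Compare case-insensitively and ignore trailing dots/spaces, so
        # "document.txt.SCR" and "file.exe." are both caught by the suffix test.
        name = (child.get_filename() or "").lower().rstrip(". ")
        if name.endswith(BLOCKED_EXT):
            removed.append(child.get_filename())
            continue
        _prune(child, removed)
        kept.append(child)
    part.set_payload(kept)

def sample_message() -> bytes:
    """Constructed sample: a text body, one harmless and one blocked attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = "test"
    m.set_content("see attached")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="document.txt.SCR")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, dropped = strip_executables(sample_message())
    print("removed:", dropped)
    print("kept:", [p.get_filename() for p in cleaned.iter_parts()])
```

The check is by filename only, so it does not catch an executable that has been renamed or placed inside an archive.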

01-28-2004, 01:17 AM
|
Executive Editor
Join Date: Aug 2006
Posts: 29,160
|
|
Quote:
Originally Posted by Jonathan1
hehe. My e-mail client is set up to auto strip any executable attachments before I even touch them and my filters are set up to ax any HTML e-mails. All my contacts know this. So it's not a problem for me. Thanks anyways.
|
Why? You obviously have the knowledge to know what to open and what not to open, so why the extreme measures that destroy valid HTML communications?

01-28-2004, 01:18 AM
|
Thinker
Join Date: Aug 2006
Posts: 437
|
|
I had over 800 copies of this worm emailed to addresses at my company today. The odd thing was, many of them were sent to addresses that didn't exist. I think the worm, after grabbing a valid address @suchinsuch.com, is also sending messages to common names @suchinsuch.com. I saw lots of first names in these bogus addresses, like bob@, susan@, david@, frank@, etc etc etc... my company doesn't use that scheme.

01-28-2004, 01:23 AM
|
Theorist
Join Date: Apr 2004
Posts: 262
|
|
Quote:
Originally Posted by Godsongz
I had over 800 copies of this worm emailed to addresses at my company today. The odd thing was, many of them were sent to addresses that didn't exist. I think the worm, after grabbing a valid address @suchinsuch.com, is also sending messages to common names @suchinsuch.com. I saw lots of first names in these bogus addresses, like bob@, susan@, david@, frank@, etc etc etc... my company doesn't use that scheme.
|
Indeed, a client of mine went crazy because of all the inbound failure notices he got from the virus that was sent to george@... , maria@ .... etc.
Normally inbound notices are helpful, you would be surprised how many people type an e-mail address wrong, so an inbound failure can tell who tried to contact who within the company, but I decided to automatically delete all inbound failure messages until this blows over... any ideas on a better way to solve this?
Kind regards,
Ivan

01-28-2004, 01:27 AM
|
Executive Editor
Join Date: Aug 2006
Posts: 29,160
|
|
Quote:
Originally Posted by denivan
Normally inbound notices are helpful, you would be surprised how many people type an e-mail address wrong, so an inbound failure can tell who tried to contact who within the company, but I decided to automatically delete all inbound failure messages until this blows over... any ideas on a better way to solve this?
|
Between viruses and spammers hijacking domains to use as return addresses, inbound notices have become drastically less useful. When a spammer stole my domain name (kensai.com) and started using it as a domain for fake return addresses, I started getting 50+ bounce messages every day, because my domain is set to forward ALL email to me (a blanket forward). I've since had to change that because of the damn spammer...

01-28-2004, 01:47 AM
|
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
|
|
Quote:
Originally Posted by Jason Dunn
Why? You obviously have the knowledge to know what to open and what not to open, so why the extreme measures that destroy valid HTML communications?
|
I think it just boils down to the fact that people are very polarized about the concept of HTML email.
--janak

01-28-2004, 01:54 AM
|
Pupil
Join Date: Dec 2003
Posts: 49
|
|
People who use HTML to write email should be prohibited from reproducing. Instant castration I say.