McAfee internet virus alert - MyDoom worm ( w32.novarg.a@mm / W32/MyDoom-A@MM / WORM_MIMAIL.R ) Discovered on: January 26, 2004

HIGH VIRUS ALERT - 'MyDoom' Internet Worm

HIGH VIRUS ALERT - 'Mydoom' Worm

Save $5 on VirusScan Online

The #1 anti-virus solution online. Protect your PC from viruses and receive FREE automatic updates.

Is your protection current?
Subscribe to VirusScan Online

VIRUS ALERT - 'MyDoom' Internet Worm

W32/Mydoom@MM is a HIGH-OUTBREAK mass-mailing worm flooding email servers worldwide. When run, the worm steals email addresses from the infected machine and also automatically generates random email addresses for propagation. This email generation engine is similar to technologies spammers use to generate addresses for spam email campaigns.

W32/Mydoom@MM generates emails with a spoofed "From: field", so incoming messages may appear to be from people you know. Furthermore, the subject line and message body are both randomly generated by the worm.

Caution¿An infected email can come from addresses you recognize and may contain the following information:

From: randomly generated (spoofed)
Subject: randomly generated
Body: randomly generated—examples:

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.

Attachment: randomly generated
The icon used by the file tries to make it appear as if the attachment is a text file. The attachment type varies [.exe, .pif, .cmd, .scr]—often arrives in a ZIP archive. (filesize = 22,528 bytes)

Aliases: Novarg, W32.Novarg.A@mm, Win32/Shimg, WORM_MIMAIL.R

Up-to-date McAfee VirusScan users are protected from this threat.

Learn More about W32/Mydoom@MM :-

CLICK HERE

AND

CLICK HERE

AND

CLICK HERE

******************************************************************

To:
From:
Date: Tue, 27 Jan 2004 09:21:37 +0000
Subject: hi

Viruses found:
Virus 'W32/MyDoom-A' found in file text.pif

The recipient(s) of your email have been informed that the email has been blocked.

The message has not been delivered. It will remain quarantined until the recipient authorises its delivery. After 30 days the email will be automatically deleted from the quarantine area.

Please note that as a matter of policy certain attachments types are blocked by default based on file extension. If you have a legitimate file to send which is being blocked, please consider renaming the extension or enclosing it within a ZIP file.

--
The intY anti-virus team.
http://www.inty.net/

Subj: virus found in sent message "Test"
Date: 1/27/04 12:16:04 PM GMT Standard Time

A virus was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message reaching its destination.

Logging to './nvc00000.log'
Possible virus in '/var/spool/qmailscan/uranaus.gagar.fi107520727045616356/text.pif' -> 'MyDoom.A@mm'

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files.

The worm will perform a DoS starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

Reference:

You should know that your recent email message detailed below was identified as potentially containing a virus.

*******************************************************************

IMPORTANT SECURITY NOTE

Up-to-date McAfee VirusScan users are protected from this threat. For dial-up connections, we also recommend McAfee Personal Firewall Plus. An extra layer of protection, it helps render your system invisible to malicious code and break-ins like Lovsan.
Save $5 on McAfee Personal Firewall Plus

Web Hosting From Brinkster