posted on January 31, 2004 09:50:40 AM new
Over the past 3 days I have been getting strange emails with a binary attachmemts I have deleted them w/o opening the attachment. Here are a couple that came this morning; sjohn@cumberland games.com & contactus@brandon brandon.com. Sounds like they are from Canada. I know there is a Brandon Ont. & St Johns, NF.
posted on January 31, 2004 10:09:38 AM new
FYI: Most likely this is what you're getting;
W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
There is a 25% chance the worm will perform a Denial of Service (DoS) starting at 16:09:18 (local system time) on February 1, 2004. If the worm does start the DoS attack, it will not mass-mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date.
--------------------------------------------------------------------------------
Notes:
Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread.
Symantec Security Response has developed a removal tool to clean the infections of W32.Novarg.A@mm.
Also Known As: W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]
"I won't be wronged, I won't be insulted, and I won't be laid a hand on. I don't do these things to other people and I require the same from them."- John Wayne/The Shootist"(from the novel by Glendon Swarthout)
posted on January 31, 2004 10:47:18 AM new
Thanks pandora, I was sure that is what it was. I just don't open emails from strange email names with an attachment. Even though I have Norton Security, why take the chance. I have been checking my A/V every day this week.
posted on January 31, 2004 12:20:53 PM new
Now have rec'd 2 more today. Lucy I( havce it on automatic update. Today I did a complete virus scan on the hard drive. Everything is AOK. These emails are easy to spot, they all havean attachment in binary.
[ edited by sanmar on Jan 31, 2004 12:24 PM ]