Just got this email,

 

- ORANGE ALERT: Mydoom.AO. Internet search engines, once again in the sights of a computer virus -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

 

Madrid, February 17, 2005 - PandaLabs has detected the appearance of a new worm that uses Internet search engines to spread rapidly: Mydoom.AO. This worm uses Google, Altavista, Yahoo and Lycos to search for email addresses to which to send itself. In this way, a single infected computer can distribute thousands of copies of the worm in just a few minutes. This means that the probability of a computer becoming infected by the Mydoom.AO worm is high.

 

Panda Software clients that already have TruPrevent Technologies to protect against unknown viruses and intruders, have had preventive protection against Mydoom.AO from the moment it first appeared as they are able to detect and block this threat without needing to have identified it previously (more information about the new TruPrevent Technologies at http://www.pandasoftware.com/truprevent).

 

Mydoom.AO uses so-called 'social engineering' to try to trick users, as the email messages it spreads in appear to be mail delivery error messages, these include: Message could not be delivered, Mail System Error - Returned Mail, or Delivery reports about your e-mail.

 

The message text itself is also variable. One example is:

 

Your message (was not|could not be) delivered because the destination (computer|server) was (not|un)reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configuration parameters (the text in brackets is variable).

 

The name of the attached file that actually contains the worm is chosen at random and has one of the following extensions: ZIP, COM, SCR, EXE, PIF, BAT or CMD.

 

If a user becomes infected by the worm, it creates a copy of itself under the name JAVA.EXE and searches for email addresses in the Windows address book, Internet temporary files, and in files on the computer with certain extensions. Once it has done this, it selects domain names from the addresses it has collected and uses them as search words in Google, Altavista, Yahoo and Lycos. Finally, Mydoom.AO sends itself out to all addresses it finds.

 

The worm also creates several Windows registry entries to ensure it is run on every system start up.

 

According to Luis Corrons, director of PandaLabs: "Virus creators are finding Internet search engines a powerful tool for rapidly spreading malicious code. Mydoom.N was the first to use this strategy, and this new worm is following in its footsteps. This tactic effectively multiplies the propagation capacity of a malicious code, and it is therefore likely that we will see more of the same".

 

Given the likelihood of incidents involving Mydoom.AO, Panda Software advises users to act with caution and update their antivirus software. Panda Software clients already have the corresponding updates to detect and disinfect this new malicious code.

 

Panda Software's clients can already access the updates for installing the new TruPrevent™ Technologies along with their antivirus protection, providing a preventive layer of protection against new malicious code. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPrevent™ Technologies at http://www.pandasoftware.com/truprevent.

 

In addition, users can scan their computers online for free with Panda ActiveScan, available at http://www.pandasoftware.com/

 

Users can also scan and disinfect their computers using Panda ActiveScan, the free, online scanner available from: www.pandasoftware.com

 

More information about Mydoom.AO is available from Panda Software's Virus Encyclopedia, at http://www.pandasoftware.com/virus_info/encyclopedia/

 

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

 

------------------------------------------------------------

To unsubscribe from Virus Alerts, please visit: http://www.pandasoftware.com/unsubscribe.asp

 

To contact Panda Software, please visit: http://www.pandasoftware.com/about/contact/

------------------------------------------------------------
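
An added example, not part of the quoted alert or the original post: a mail-filter check built from the indicators the alert lists (the three subjects, the variable body template, and the attachment extensions). The function names and sample messages are constructed for illustration, and reading "(not|un)reachable" as "not reachable" or "unreachable" is an assumption.

```python
import os
import re
from email.message import EmailMessage

# Subjects and attachment extensions exactly as listed in the alert.
LURE_SUBJECTS = {
    "message could not be delivered",
    "mail system error - returned mail",
    "delivery reports about your e-mail",
}
WORM_EXTENSIONS = {".zip", ".com", ".scr", ".exe", ".pif", ".bat", ".cmd"}

# The alert's body template; its bracketed alternatives become regex groups.
# Assumption: "(not|un)reachable" means "not reachable" or "unreachable".
LURE_BODY = re.compile(
    r"Your message (was not|could not be) delivered because the destination "
    r"(computer|server) was (not\s+|un)reachable within the allowed queue period",
    re.IGNORECASE,
)

def indicators(msg):
    """Return which of the alert's traits a parsed message shows."""
    found = set()
    if (msg["Subject"] or "").strip().lower() in LURE_SUBJECTS:
        found.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Only the last extension counts, so "a.txt.scr" is ".scr".
            if os.path.splitext(name.lower())[1] in WORM_EXTENSIONS:
                found.add("attachment")
        elif part.get_content_type() == "text/plain":
            # Collapse line wrapping before matching the template.
            text = re.sub(r"\s+", " ", part.get_content())
            if LURE_BODY.search(text):
                found.add("body")
    return found

def is_suspect(msg):
    """Bounce lure plus a listed attachment type; a lure alone may be a real bounce."""
    found = indicators(msg)
    return "attachment" in found and bool(found & {"subject", "body"})

def sample(subject, body, attachment=None):
    """Build a constructed test message (not a captured worm email)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg
```

Requiring both a lure and a listed attachment type keeps genuine delivery-failure notices, which can share these subject lines, out of the quarantine.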

 
