Like Tree0Likes

Hey OSO Steve: You have the bug!

Reply
Old 02-04-2004, 07:43 AM
  #1
Platinum Member
Platinum Member
Thread Starter
 
CigDaze's Avatar
 
Join Date: Jun 2001
Location: St. Petersburg, FL
My Boats: Cigarette 35 Cafe Racer
Posts: 21,346
Default Hey OSO Steve: You have the bug!

Looks like you have the new virus.
It's a nasty one.
CigDaze is offline  
Reply With Quote
Old 02-04-2004, 08:05 AM
  #2
Platinum Member
Platinum Member
Thread Starter
 
CigDaze's Avatar
 
Join Date: Jun 2001
Location: St. Petersburg, FL
My Boats: Cigarette 35 Cafe Racer
Posts: 21,346
Default

I got an e-mail from [email protected] with the telltale subject line "hi," the body of the message was a bunch of garbage ascii text and a *.zip file.

Antivirus companies say latest e-mail worm spreading fast
MATTHEW FORDAHL, AP Technology Writer
Monday, January 26, 2004
2004 Associated Press

URL: sfgate.com/article.cgi?file=/news/archive/2004/01/26/financial2102EST0374.DTL


(01-26) 21:09 PST SAN JOSE, Calif. (AP) --

A malicious program attached to seemingly innocuous e-mails was spreading quickly over the Internet on Monday, clogging network traffic and potentially leaving hackers an open door to infected personal computers.

The worm, called "Mydoom" or "Novarg" by antivirus companies, usually appears to be an e-mail error message. A small file is attached that, when launched on computers running Microsoft Corp.'s Windows operating systems, can send out 100 infected e-mail messages in 30 seconds to e-mail addresses stored in the computer's address book and other documents.

The attack was first noticed Monday afternoon. Within hours, thousands of e-mails were clogging networks, said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team.

Besides sending out e-mail, the program appears to open up a backdoor so that hackers can take over the computer later.

"As far as I can tell right now, it's pretty much everywhere on the planet," Gullotto said.

Security software experts were scrambling to decrypt the details of the malicious program and were arriving at different conclusions.

Symantec, an antivirus company, said the worm appeared to contain a program that logs keystrokes on infected machines. It could collect username and passwords of unsuspecting users and distribute them to strangers.

Network Associates did not find the keylogging program.

The worm also appears to deposit its payload into folders open to users of the Kazaa file-sharing network. Remote users who download those files and run them could be infected.

Symantec also found code that would flood The SCO Group Inc.'s Web site with requests in attempt to crash its server, starting Feb. 1. SCO's site has been targeted in other recent attacks because of its threats to sue users of the Linux operating system in an intellectual property dispute. A SCO spokesman did not return a telephone call seeking comment Monday.

Overall, the computer security firm Central Command confirmed 3,800 infections within 45 minutes of initial discovery.

"This has all the characteristics of being the next big one," said Steven Sundermeier, Central Command's vice president of products and services.

It appeared to first target large companies in the United States -- and their large address books -- but quickly spread internationally, said David Perry, global director of education at the antivirus software firm Trend Micro.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Instead, one of its messages reads: "The message contains Unicode characters and has been sent as a binary attachment."

"Because that sounds like a technical thing, people may be more apt to think it's legitimate and click on it," said Steve Trilling, Symantec's senior director of research.

Subject lines also vary. The attachments have ".exe," ".scr," ".cmd" or ".pif" extensions, and may be compressed as a Zip file.
CigDaze is offline  
Reply With Quote
Old 02-04-2004, 08:08 AM
  #3
Platinum Member
Platinum Member
Thread Starter
 
CigDaze's Avatar
 
Join Date: Jun 2001
Location: St. Petersburg, FL
My Boats: Cigarette 35 Cafe Racer
Posts: 21,346
Default

A fix is available here, for those who may have it:

http://securityresponse.symantec.com...oval.tool.html
CigDaze is offline  
Reply With Quote
Old 02-04-2004, 08:33 AM
  #4
Banned
 
cuda's Avatar
 
Join Date: Sep 2001
Location: Deland, Florida
Posts: 25,191
Default

I remember recieving an email with binary codes. I didn't open it. How can I tell if I have the bug?
cuda is offline  
Reply With Quote
Old 02-04-2004, 08:36 AM
  #5
Platinum Member
Platinum Member
Thread Starter
 
CigDaze's Avatar
 
Join Date: Jun 2001
Location: St. Petersburg, FL
My Boats: Cigarette 35 Cafe Racer
Posts: 21,346
Default

The most noticible clue is if you are receiving emails from your internet provider stating either "message undeliverable," or "message cannot be processed," or something to that effect.

Basically, unbeknownst to you, your system is sending out messages to everyone in your e-mail address book and once in a while one will get rejected or bounced back, delivering to you one of the messages above.

But the best way to be absolutely certain is to run the tool in my above post. It can't hurt anything and will only take a few minutes.
CigDaze is offline  
Reply With Quote
Old 02-04-2004, 08:58 AM
  #6
Moderator
Gold Member
 
ChrisK's Avatar
 
Join Date: Nov 2001
Location: Orlando
My Boats: Boatless... Damn...
Posts: 4,477
Default

I have not gotten an email from OSO...
ChrisK is offline  
Reply With Quote
Old 02-04-2004, 09:06 AM
  #7
Registered
 
Join Date: Oct 2000
Posts: 2,963
Default

Does his one go through your e-mail list like most of the others?
OffshoreOnly is offline  
Reply With Quote
Old 02-04-2004, 09:21 AM
  #8
Registered
 
PhantomChaos's Avatar
 
Join Date: Dec 2000
Location: Bell Canyon, CA
My Boats: Formula FASTech 382 Sunseeker Apache 45
Posts: 12,756
Default

It doesn't mean the email came from him. The return address could have been "spoofed" and the email came from some other infected machine.
PhantomChaos is offline  
Reply With Quote
Old 02-04-2004, 09:22 AM
  #9
Banned
 
cuda's Avatar
 
Join Date: Sep 2001
Location: Deland, Florida
Posts: 25,191
Default

When I click on removal tool,it keeps cycling me back around to where I was.
cuda is offline  
Reply With Quote
Old 02-04-2004, 09:26 AM
  #10
Charter Member#157
Charter Member
 
MnFastBoat's Avatar
 
Join Date: Oct 2000
Location: Minneapolis, Mn, Usa
My Boats: 1999 Advantage 28' Cat
Posts: 1,847
Default

just because it is an email that LOOKS like it came from OSO does not really mean it came from them

It could actually have infected YOUR computer and is using YOUR address book.
Once it sends email out using your addresses, it comes back to you saying undeliverable, then you click on it, open the worm and walla you just infected yourself.

It is at work right now, and who only knows when it will happen
__________________
This Cat is trying to keep up with the Big Dogs
MnFastBoat is offline  
Reply With Quote
Reply

Related Topics
Thread
Thread Starter
Forum
Replies
Last Post
Audiofn
General Boating Discussion
26
12-11-2007 10:59 PM
sakoutis3
General Boating Discussion
0
05-15-2006 10:11 AM
Cash Bar
General Boating Discussion
7
11-28-2004 12:13 AM
Pure Energy
General Boating Discussion
1
03-14-2003 10:36 AM



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 11:13 PM.


Copyright 2011 OffShoreOnly. All rights reserved.