‘MyDoom’ Windows virus spreads rapidly; Macintosh unaffected

“A mass-mailing virus quickly spread through the Internet on Monday, compromising computers so that they attack the SCO Group’s Web server with a flood of data on Feb. 1, according to antivirus companies,” Robert Lemos reports for CNET News.com.

“The virus–known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies–arrives in an in-box with one of several different random subject lines, such as ‘Mail Delivery System,’ ‘Test’ or ‘Mail Transaction Failed.’ The body of the e-mail contains an executable file and a statement such as: ‘The message contains Unicode characters and has been sent as a binary attachment,'” Lemos reports.

“‘It’s huge,’ said Vincent Gullotto, vice president of security software maker Network Associates’ antivirus emergency response team. ‘We have it as a high-risk outbreak.’ In one hour, Network Associates itself received 19,500 e-mails bearing the virus from 3,400 unique Internet addresses, Gullotto said. One large telecommunications company has already shut down its e-mail gateway to stop the virus,” Lemos reports.

“Once the virus infects a Windows-running PC, it installs a program that allows the computer to be controlled remotely. The program primes the PC to send data to the SCO Group’s Web server, starting Feb. 1, a virus researcher said on the condition of anonymity. The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO’s Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims,” Lemos reports.

“The virus installs a Windows program that opens up a ‘back door’ in the system, allowing an attacker to upload additional programs onto the compromised device. The back door also enables an intruder to route his connection through the infected computer to hide the source of an attack,” Lemos reports.

Computers running Apple’s Macintosh and Mac OS X operating systems are unaffected.

Full article here.
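The article lists the lures a gateway could key on: the random subject lines, the "Unicode characters ... binary attachment" body text, and an executable attachment. The following added example (not code from the article or from any antivirus vendor) shows how a mail gateway might triage a raw message on those indicators. The indicator strings come from the article; the extension list, the function names and the two constructed sample messages are assumptions.

```python
"""Triage a raw RFC 822 message for the MyDoom lures described in the article.

Added example. Subject lines and body text are the ones quoted in the
article; the extension list, helper names and sample messages are assumptions.
"""
import email
from email import policy
from email.message import EmailMessage

# Subject lines and body statement quoted in the article.
LURE_SUBJECTS = {"mail delivery system", "test", "mail transaction failed"}
LURE_BODY = "has been sent as a binary attachment"

# Attachment extensions treated as executable on Windows (constructed list;
# .pif is mentioned in the comments, the others are common executable types).
EXECUTABLE_EXT = (".exe", ".pif", ".scr", ".cmd", ".bat", ".com")


def executable_attachments(msg: EmailMessage) -> list[str]:
    """Return the filenames of attachments with an executable extension."""
    names = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            names.append(name)
    return names


def triage(raw: str) -> dict:
    """Parse a raw message and report which lures matched plus a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg["subject"] or "").strip().lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part is not None else ""
    hits = {
        "lure_subject": subject in LURE_SUBJECTS,
        "lure_body": LURE_BODY in body,
        "executables": executable_attachments(msg),
    }
    # Quarantine on any executable attachment, or on both text lures together;
    # a bare "Test" subject alone is too common to act on.
    hits["quarantine"] = bool(hits["executables"]) or (
        hits["lure_subject"] and hits["lure_body"]
    )
    return hits


# Constructed sample: the lure described in the article, with a .pif attachment.
# The base64 payload is filler, not a real executable.
SAMPLE_LURE = """\
From: alice@example.com
To: bob@example.net
Subject: Mail Transaction Failed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The message contains Unicode characters and has been sent as a binary attachment.
--b1
Content-Type: application/octet-stream; name="document.pif"
Content-Disposition: attachment; filename="document.pif"
Content-Transfer-Encoding: base64

AAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed sample: a harmless message that happens to use the subject "Test".
SAMPLE_BENIGN = """\
From: carol@example.com
To: bob@example.net
Subject: Test
Content-Type: text/plain

Did my mail get through?
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LURE))
    print(triage(SAMPLE_BENIGN))
```

The benign message matches one lure (the subject) but is not quarantined, which is the point of requiring either the executable attachment or both text indicators before acting.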

47 Comments

  1. I’ve gotten three of them and an ISP return or one that seemed to use an incorrect user name with my domain name.

    I’m curious though, I tried scanning the attachments (after moving them to my desktop) with Virex 7.2 (up to date) and they showed up clean. Having read descriptions of the virus, I’m sure this is it (and I never get these types of attachments ending in .pif etc. or any attachments from strangers generally).

    So why isn’t it showing up as a virus with Virex? Wouldn’t it be a danger to anyone I forwarded it to, even if it doesn’t affect my Mac? Just for kicks I tried opening one afterward in TextEdit and just got the code but it meant nothing to me.

  2. wow, just got another undeliverable address using my domain name and email saying the address had permanent fatal errors. I didn’t send it of course, to an AOL account. What is going on? Does that mean this thing is sending out emails using my domain email address?

  3. I received five of them overnight, all filtered beautifully into my iBook’s junk mailbox. What I found most amazing is that there are still people out there, probably spanning all platforms, dumb enough to open these sorts of attachments.

  4. It’s common for the things to partially forge the headers so that they go out from infected user A but look like they come from some random address in infected user A’s address book. Don’t know if this one is doing that or not, but it’s likely. Normally, I get returns, too. The receiving mail server just looks at the return address and sends the bounce, regardless of where the mail actually originated.
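The bounces several commenters are seeing are the consequence the comment above describes: the receiving server bounces to the forged return address, not to the infected sender. One defender-side check, added here as an example (not code from anyone on this thread), is to look inside a delivery status notification for the returned original message and ask whether it ever passed through our own outbound relay; if no Received line names that relay, the bounce is backscatter from a forged sender and can be dropped instead of reaching the innocent mailbox. The relay name `mail.example.com`, the function names and the two constructed DSNs are assumptions.

```python
"""Classify a bounce (DSN) as genuine or as backscatter from a forged From.

Added example. The relay hostname, helper names and sample bounces are
constructed assumptions, not values from the page.
"""
import email
from email import policy
from email.message import EmailMessage
from typing import Optional

# Hostnames that every message we really send passes through (assumed).
OUR_RELAYS = ("mail.example.com",)


def returned_original(dsn: EmailMessage) -> Optional[EmailMessage]:
    """Return the original message a multipart/report DSN carries, if any."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_content()  # nested message object
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None


def is_backscatter(raw_bounce: str) -> Optional[bool]:
    """True if the bounced original never crossed our relay, False if it did,
    None if the DSN carries no copy of the original to check."""
    dsn = email.message_from_string(raw_bounce, policy=policy.default)
    original = returned_original(dsn)
    if original is None:
        return None
    hops = [str(h) for h in (original.get_all("Received") or [])]
    return not any(relay in hop for hop in hops for relay in OUR_RELAYS)


def _sample_dsn(first_hop: str) -> str:
    """Build a constructed DSN whose returned original has the given first hop."""
    return f"""\
From: MAILER-DAEMON@mx.isp.example
To: random-name@mydomain.example
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="r1"

--r1
Content-Type: text/plain

The address had permanent fatal errors.
--r1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.isp.example

Final-Recipient: rfc822; someone@isp.example
Action: failed
Status: 5.1.1
--r1
Content-Type: message/rfc822

Received: from {first_hop} by mx.isp.example; Mon, 26 Jan 2004 10:00:00 +0000
From: random-name@mydomain.example
To: someone@isp.example
Subject: Mail Delivery System

(attachment omitted)
--r1--
"""


# Constructed: the original was injected straight from an infected dial-up PC.
BACKSCATTER_DSN = _sample_dsn("infected-pc.dialup.example (10.9.8.7)")
# Constructed: the original really left through our relay.
GENUINE_DSN = _sample_dsn("mail.example.com (192.0.2.10)")

if __name__ == "__main__":
    print("forged-sender bounce:", is_backscatter(BACKSCATTER_DSN))
    print("genuine bounce:", is_backscatter(GENUINE_DSN))
```

The check depends on the bouncing server returning enough of the original (full message or at least its headers); DSNs that return nothing come back as unverified rather than being silently discarded.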

  5. Well, at least the virus is for a good cause.

    And this is a lesson in how we can harness the power of IDIOT…who opens these attachments…same people that’ll pay 300 dollars for a computer and think they’re getting a good deal.

  6. As much as we want to say “Thank God I’m running a Mac”, we can’t honestly say that these worms and viruses, DDoS Attacks and the like *don’t* affect us Mac users. When the worm takes down the Mail server you use, it doesn’t matter what Platform you use, the Mail Server is down. Period. When your ISP blips off the internet thanks to a massive DDoS attack…it doesn’t matter that you have an iBook or iMac…you can’t get online. We can feel proud that we do run a System that doesn’t proliferate these problems, but honestly, I don’t think we can really say that we are unaffected by them.

    Examples?…

    Nagromme: I’m getting flooded with these. Not to mention all the errors from ISPS RETURNING the virus to my domain–simply because the virus puts fake From addresses and some are non-existent people at my domain.

    la dolce vita: wow, just got another undeliverable address using my domain name and email saying the address had permanent fatal errors. I didn’t send it of course,

    jfbiii: The receiving mail server just looks at the return address and sends the bounce, regardless of where the mail actually originated.

    And just this morning, our mail server at the ISP I work for was overloaded with these emails, causing a virus update (irony times ten) to corrupt and pooch the whole server. It’s back now, but we estimate that at least 30% of our customers received the infected emails before the server went down. Most of the messages seemed to originate from within our service.

    And I couldn’t get my email for 3 hours.

  7. sorry, snoop, you still won’t be doing that with MY @$$. maybe i do spread faster than a virus, but that don’t mean i aint choosy…. :p

    u better go clean that “jelly” off your pro keyboard… my ex made my laptop all sticky that way!

    darkroland i guess these peecee viruses can pee us mac peeps off pretty good sometimes but we aren’t getting our computers taken over and wrecked so i’m happy

  8. I am amazed by the idiocy of most Windows users to NOT see these emails as suspect and something NOT TO CLICK!

    In many ways, that lemming-like community deserves what they get for being so freaking stupid!

  9. See, though, it’s not just the dumb windoze end-user…it’s the incompetent windoze mcse that doesn’t know how to lock his system down — granted, it’s a pain in the ass but completely necessary to wade through hundreds of pages of instructions from DoD and others to close every known security hole — before it gets put online, much less exploited.

    It is possible to run a windoze network without issue. It’s just time-consuming, expensive, and requires constant vigilance. It’s also limiting because you have to block more file-types than you let through. Not often an option for ISPs but very doable in a corporate environment.

  10. Oops, late to the party today and I see RV called me out.

    Mydoom hasn’t shown up here yet, and our firewall and virus stuff usually sees those things before they get started. I actually don’t know how those things work, so I suppose my several years without a problem are a fluke. I wouldn’t have posted this had you not asked, since un-negative windows experiences are always doubted here, and I am merely one man and can stir up only so much shit.

    I know you don’t read my posts closely RV, but I always say that osX is better than windows.

    Thanks for feeding me

  11. 2¢ from a Windows user, and a question:
    I use a Pocket PC as my primary computing/communications device. It’s a fairly versatile little box, and I’ve got a camera add-on, dialup modem card, tons of memory for it, and hope soon to get a GSM/GPRS card. One of the nice things about using an odd little computer is that, Windows or not, there isn’t a single virus for it. I’ve probably seen at least 200 copies of the mydoom crap in my nPOPw email client (a fine little freeware from a Japanese developer by way of a UK guy who tweaked it a bit), and of course I just delete them from the server before more than a few lines of code ever gets over the wire. Even if I was running a PC, I’d still only use nPOP for email for this very reason; download previews make it physically impossible for any infection to arrive, never mind execute on the box. If my server gets toasted that’s a different story. Apparently they run Unix though, so perhaps they’re safe for now.

    On with the question; I just had a double bass player come over to have some adjustments done. He got talking about his Mac, which today, he says, got infected with a variant MyDoom virus strain. A friend of his, a drummer, got so messed up about his own Mac being infected yesterday that he formatted the hard drive on his iBook and started over from scratch!

    So my question is, is this thread wrong? Can a Mac be infected? I know absolutely diddly about Mac, and so even if I went over to this guy’s house and dug around I’d probably not be able to tell if he’s full of crap or what. Still, he says he accidentally spammed about 200 contacts with the virus this morning without realising it. What’s up with this? Has someone made it work on OSX?

    You should know, in case it’s not already clear, that this virus does not need any email client to be active in order to spread. All it needs is to be activated, then whenever you have a live connection it will disseminate as though it *is* an email client, sending copies of itself over the wire to lots and lots of people. Has some other evil tricks for email address generation and such too. Apparently it causes no real harm to the host, just uses it to pass itself along and clog the pipes of the internet with billions of duplicated sends. That means, I presume, that it could actually be running on a Mac (if so coded) and many users would be totally unaware that they were helping to spread this bug.

  12. My brother runs an oldish iMac on OSX and reckons his whole hard drive has gone tits up after receiving an email from his own webdomain but with some random name (ie alice@webdomain.com, but he doesn’t know ANYone called alice), and after opening it his programs froze, he tried to restart, and nothing… Wouldn’t even recognise his system CDs… He’s not on AppleCare, so they won’t fix it, but after he explained what the problem was, and how he thinks it happened, they actually asked to download his entire system so they could take a look as they’d never heard of this happening…

    I don’t understand how they were able to download it if he couldn’t even restart the machine, but hey. He’s not sure if it was just a coincidence that a bug crashed his machine the same day he got a dodgy email but he’s lost EVERYthing…

    I thought Macs were impervious… Perhaps they’re not?
