Nicks VR4

http://vil.nai.com/vil/content/v_100983.htm

McAfee are still currently analyzing this the threat

JackClark

It's big, get ready for fun in the morning.

ScottyScoob

Thought I was going to have a quiet night but not now, office in Holland is now disconnected from the network aswell as office in Melbourne grrrrrrrr

Redkop

Mailbox being flooded with it now, but ISP is dealing with it, so its not getting through, but is damned annoying [img]images/smilies/mad.gif[/img]

Puff The Magic Wagon!

iTrader: (2)

Only 3 so far, probably from someone on SN...

All Dat'd up ( ) so bring it on

Avi

W32.Novarg.A@mm

WWe've blocked thousands of these this morning, same thing [img]images/smilies/mad.gif[/img]

[Edited by Avi - 1/27/2004 11:20:37 AM]

JackClark

McAfee Stinger has been updated to deal with this threat and can be downloaded free from here http://vil.nai.com/vil/stinger/

ChrisB

A plea to Sys Admins...

Please turn off sending AV notifications to the external sender.

I'm not infected, I didn't e-mail your user, it was wasn't me.

Gawd knows how much extra traffic the AV alerts generate and it's all pointless with spoofed From: fields.

Jeff Wiltshire

Chris

Same problem here.....makes a nice DoS .....

Markus

Chris, think that is what my problem in my other thread is, some sysadmin is sending me out, so far 200 plus, notifications. mmm, nice, pity I'm on a mac which won't be effected by this (though I think I can still spread it).

Hobo_Jojo

not had this yet, tho i never seem to get any of these virus out breaks coming through to me - as yet to ever get a virus (touch wood)

JackClark

Not as big as the DOS SCO's going to get on Feb 1st. Author's an obvious Linux lover.

Avi

Here Here.. try explaining to a secretary that someone has sfoofed their address, makes more trouble than it's worth.

ChristianR

iTrader: (1)

so what has sco done then, which wants the creator of the virus to attack it? guess it makes a change from a microsoft domain!

Monkeh

Hehe
I love Norton Corporate AV it updates all the clients automatically
only 1 user out of 250 in my office has had it so far

StickyMicky

had 4 of these today
all .zip files

JackClark

Christian, take a look on SCO.com, might have something to do with them asking Linux users for a licence fee.

ChristianR

iTrader: (1)

cheers, just seen this on the sophos website, which explains it well (http://www.sophos.com/virusinfo/articles/linuxwars.html) :

MyDoom worm: the latest weapon in the Linux wars? Sophos comments
Virus researchers at Sophos are suggesting that the W32/MyDoom-A worm, currently spreading widely across the internet, may have been deliberately constructed as a weapon in the current round of "Linux wars". The worm launches a distributed denial of service attack against the website of SCO, who have recently courted controversy in the Linux community. Such an attack could potentially knock SCO's website off the internet.

In May 2003 US-based SCO claimed that versions of the Linux open source operating system use code owned by SCO. It has begun offering Linux users a licence to protect them against possible legal action. Leading Linux developers such as Linus Torvalds, the inventor of Linux, have denied that Linux source code contains any SCO intellectual property. SCO has also launched legal actions against IBM, Red Hat, and Novell.

"Rows between SCO and the open source community have been continuing for some months. The MyDoom worm takes the Linux Wars to a new intensity," said Graham Cluley, senior technology consultant for Sophos. "It appears that the author of MyDoom may have taken the war of words from the courtrooms and internet message boards to a new level by unleashing this worm which attacks SCO's website. If we ever get our hands on MyDoom's creator my guess is that he will be an open source sympathiser. Of course, it's the last kind of assistance the open source community would want at this time."

Once the MyDoom worm has infected a PC it attempts to spread via mass-emailing, and turns the computer into a "zombie" which can unwittingly launch the attack against SCO's website between 1 and 12 February.

"All computer users should ensure their computers are adequately protected against these kind of attacks with updated anti-virus and firewall software," continued Cluley.

Boro

iTrader: (1)

5 today

ChristianR

iTrader: (1)

75 between 9pm a 8am..

JackClark

Doing my bit to ecourage the disabling of auto responders. http://news.zdnet.co.uk/internet/sec...9143774,00.htm

New variant out yesterday, this one attacks Microsoft. McAfee products detected it before it was composed.

sasim

our IT boys tell me that the system has rejected 6000 e-mails in the least 1/2 of them were infected

They dindn't say why the other 3000 were rejected

rogp

I've had a steady stream today, about 2 every 5 minutes.

Markus

Well, things are settling down here.

Funny thing is that the PC users have not reported that many alerts from Norton AV, neither have the other mac users, looks like it's me that has been hit the hardest then! lol

I've got a mac, so don't get infected, but recived (marked as junk though) 2000 messages, looking at them, 80 percent were, as per another post, an email virus notification from someone's mail server, of the remaining 20 percent, 5 percent were actually infected messages, the remaing 15 percent were 'mail delivery' errors, again, due to the virus.

Thankfully the email notifcation thing seems to have stopped, as it was getting very silly.

Puff The Magic Wagon!

iTrader: (2)

Glad I'm not working atm

ianmiller999

Just had 3 so i am expecting a lovely full email box tomorrow. Speaking to my friend at fuzzmail now to see if he can stop the emails getting through to my web account.