Note: To protect the privacy of our members, e-mail addresses have been removed from the archived messages. As a result, some links may be broken.
Find Lesson Plans on getty.edu! GettyGames

Latest Virus Alert - Mass Mailing Worm]

---------

From: Maggie White (mwhiteaz_at_TeacherArtExchange)
Date: Tue Jan 27 2004 - 18:04:29 PST

Hi, all,

I'm sending you the whole e-mail I just got from the online tech
newsletter; they are legit and the info sound. As always, the safest
way to protect yourself is to never open any attachment from anyone
unless you're expecting it.

Maggie
=======================================================
<http://www.datadoctors.com>

1/26/04 Virus Alert! - Mass Mailing Worm

(1/26/04) Mass Mailing e-mail worm in wide distribution.
Named the W32.Novarg.A@mm (Norton), W32/Mydoom@MM (McAfee),
WORM_MIMAIL.R (Trend Micro)

The worm generally arrives as an attachment to e-mail with the file
extension .bat, .cmd, .exe, .pif, .scr, or .zip. If you open an infected
attachment, a backdoor program will be installed into the system that
will allow a remote attacker to access and make use of the computer.
This worm is designed to attack all current versions of Windows but does
not affect DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x based systems.

Infected messages will generally have the following characteristics:

From: Usually a spoofed 'from' address, meaning that the address used is
not the actual sender... DO NOT BLAME THE SENDER, AS THEY ARE AN
INNOCENT PARTY TO THE WORM!

Subject: (Generally one of the following)
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error

Message: (Generally, one of the following)
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary
attachment.
The message cannot be represented in 7-bit ASCII encoding and has been
sent as a binary attachment.

Attachment: (Generally one of the following)
document
readme
doc
text
file
data
test
message
body
-----------------------------------------------------------------------
Notes:
The attachment may have two suffixes. If so, the first suffix will be
one of the following:
.htm
.txt
.doc

The worm will always end with one of the following suffixes:
.pif
.scr
.exe
.cmd
.bat
.zip

This worm also copies itself to Kazaa download folders as one of the
following files in an attempt to spread via the popular file sharing
network:

winamp5
icq2004-final
activation_crack
strip-girl-2.0bdcom_patches
rootkitXP
office_crack
nuke2004

with a file extension of:

.pif
.scr
.bat
.exe

More details can be found here:

http://www.sarc.com/avcenter/venc/data/w32.novarg.a@mm.html

****************************************************************
This email was sent to you because someone at this email address opted
in to our mailing list.
If you do not wish to receive further mailings from our list, simply
click here and send the new email:
announcements-unsubscribe@doc1.datadoctors.com?subject=unsubscribe
<mailto:announcements-unsubscribe@doc1.datadoctors.com?subject=unsubscribe>
Please note that you may receive an email confirming your unsubscribe
request; to confirm simply reply to the email and send it.
Upon sending this confirmation to unsubscribe, you will be immediately
removed from our mailing list.

You may contact the individual responsible for managing this mailing
list at:
announcements-owner@doc1.datadoctors.com
<mailto:announcements-owner@doc1.datadoctors.com>.
To report mailing list abuse, please email:
abuse-listreport@doc1.datadoctors.com
<mailto:abuse-listreport@doc1.datadoctors.com>.
****************************************************************

Powered By:

http://www.datadoctors.com
<http://doc1.datadoctors.com/datadr/email_marketing.html> 

---