I haven't received one virus this year.
Damn, I'm going to have to get some less secure customers and give my users more power!
This afternoon, antivirus software vendors started tracking a dangerous
new worm, dubbed MyDoom. Early indications are that MyDoom is spreading
rapidly and clogging up business networks and the Internet. For example,
McAfee has rated the virus as "High-Outbreak" for both corporate and
consumer users. Symantec rates MyDoom "4," its second-highest rating.
The volume of traffic could be much larger than last year's soBig
outbreak, which would make this virus worthy of the name soMuchBigger.
The sophistication of the virus is a reminder that hackers and virus
writers should be treated as criminals and not noble antisocialists.
Like Blaster, which delivered a delay mechanism for attacking
Microsoft's Windows Update on a certain date, MyDoom has a target: SCO.
MyDoom outbreak may turn out to be one of the more sophisticated viruses
in recent memory. The virus appears to use multiple avenues of attack
(e-mail for certain and possibly file-sharing or remote-access programs),
harnesses the multitude of infected computers to attack a single host
(SCO) and protects the binaries with encryption (to thwart quick
antivirus response and damage assessment).
Delivery is via e-mail, typically as a message returned for some error.
It's almost habit for more experienced users to open such a mail and its
attachment to see which important message got bounced back. The tactic
clearly targets the kind of sophisticated user that normally wouldn't
open such an e-mail attachment.
Apparently all Windows versions from 95 on are susceptible to MyDoom, but
not Linux, Mac OS or Unix. People that use Outlook 2000 SP2 or later are
safest, as long as the default settings--these block the kind of
attachments carrying MyDoom--haven't been changed. The greater danger
would be businesses running older versions of Outlook or consumer PCs
using e-mail, say, Outlook Express. Microsoft plans to add attachment
blocking to Outlook Express, but that update is months away.
Published warnings from antivirus vendors suggest a dangerous worm
potentially capable of spreading through file sharing or allowing remote
access through a port opened in infected systems. I would strongly
encourage system administrators seeking to eradicate an infection to
shut down all unneeded network services and to search for open ports on
compromised systems. Network administrators should start by checking
port 3127.
I strongly encourage network administrators to quarantine computers and
networks immediately. As a general practice, files with the extensions
.bat, .exe, .htm, .pif, .scr or .vbs should be blocked at the e-mail
client or server.
Antivirus companies are still investigating MyDoom, but what they have
found so far indicates the worm will be a tough clean-up. MyDoom changes
Windows Registry settings and dumps files in the KaZaA download
directory on computers with the peer-to-peer software installed.
http://www.microsoftmonitor.com/archives/002217.html
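
The extension blocking recommended in the quoted article, sketched as a server-side check on an incoming message. This is an added example, not part of the original post or the article; the function names and the sample bounce-style message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension list taken from the article's advice.
BLOCKED_EXTENSIONS = (".bat", ".exe", ".htm", ".pif", ".scr", ".vbs")


def blocked_extension(filename):
    """Return the blocked extension a filename ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.scr. " is still a .scr.
    name = filename.lower().rstrip(". \t")
    for ext in BLOCKED_EXTENSIONS:
        # Only the final extension matters: "message.txt.pif" is a .pif.
        if name.endswith(ext):
            return ext
    return None


def scan_message(raw_bytes):
    """Return (filename, extension) for every MIME part that should be blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() visits nested parts too, including message/rfc822 attachments.
    for part in msg.walk():
        # Falls back to the Content-Type "name" parameter if needed.
        filename = part.get_filename()
        if filename and blocked_extension(filename):
            hits.append((filename, blocked_extension(filename)))
    return hits


def build_sample(attachment_name):
    """Constructed message shaped like a delivery-failure notice."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Mail Delivery Failed"
    msg.set_content("The message could not be delivered. See attachment.")
    msg.add_attachment(b"placeholder bytes, not real code",
                       maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("message.txt.pif", "report.pdf"):
        print(name, "->", scan_message(build_sample(name)) or "allowed")
```
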