anybody else get an email from Phunkmaster Phlex?

[vinzclortho]

I'm a bit wary aboot openin it as it's a .zip file and I know thar be a virus goin 'round what bears the .zip extension. so Phunk, lord of the hot97 airwaves, que est el dealio mang? Is this thing "safe" or do I need to clean it with bleach and fire before opening it?

[acostiga]

e-mail i got from tech support this morning...

A new computer virus began propagating across the Internet Monday afternoon. We are currently protected against this virus. We know that some emails did get into the corporation prior to getting protection in place. If you received an email from an unknown sender and it includes an attachment with, but not limited to, one of the following names, body.zip, document.zip, message.zip, readme.zip and text.zip. Please delete the email without opening the attachment.

If you have opened the attachment take your PC down and contact the helpdesk for assistance.

[The Reverend Floater]

Originally posted by acostiga


...take your PC down....

I can just imagine some cube monkey form-tackling his PC and wrapping the cord forcibly around the monitor...

[phUnk]

Look for a thread from AH (or The AD) about the virus. It basically just means that someone with my email addy in their address book got infected and it forged an email to you.

Except for a slight discharge back in high-school (coffee allergy, it turned out), I've never been infected with a virus.

[CaddyDaddy77]

"Linux worm"

[FreakofSnow]

what if I didn't get an email from phUnk? is that okay? or does that mean i have the virus? should I PM?

[vinzclortho]

Originally posted by FreakofSnow
what if I didn't get an email from phUnk? is that okay? or does that mean i have the virus? should I PM?

it means you totally have the virus and probably got it from phunk. rub some 'tussin on it and keep it out of direct sunlight and you'll be a-set. and for chrissake don't pick at it

[seldon]

A computer virus that began spreading swiftly across the Internet on Monday is coded to launch an attack on the SCO Group's Web servers on Sunday, according to antivirus companies.


Computers infected with the "MyDoom" virus will begin to attempt to connect to the main page of the SCO company's website on Feb. 1. The connection requests will come roughly every second from each of the estimated thousands of machines that are now infected, in an attempt to overload SCO's Web server and knock the company's site off the Internet.

On Tuesday morning, the MyDoom virus was present in one out of every 12 e-mails, according to e-mail security firm MessageLabs, surpassing the SoBig.F virus which, at its peak last summer, was found in one out of every 17 e-mails. SoBig currently tops many antivirus vendor's charts as the most active virus to ever hit the Internet.

But MyDoom may soon top SoBig. More than 1.2 million copies of the virus have been stopped by MessageLabs since it started circulating mid-Monday afternoon and MessageLabs expects that the virus will continue to spread at a furious rate on Tuesday.

The denial of service attacks against SCO could continue until Feb. 12, when the virus is coded to stop spreading, according to antivirus vendors F-Secure and Symantec.

"Arguments between SCO and the open source community have been continuing for some months. It appears that the author of MyDoom may have taken the war of words from the courtrooms and Internet message boards to a new level by unleashing this worm which attacks SCO's website," said Chris Belthoff, senior security analyst for Sophos, an antivirus vendor.

"If we ever get our hands on MyDoom's creator our guess is that he will be an open source sympathizer."

But while some at geek discussion site Slashdot joked that MyDoom was "the first virus they would willingly load onto their computers" the vast majority condemned the virus writer, saying that SCO should be confronted in the courtroom, not through virus and denial of service attacks.

"This is someone who just wants to feel important and who thinks that by DDoS'ing SCO everyone will call him a hero. Well, you stupid ignorant bastard, if you're reading this -- and you probably are since you expect that the Slashdot hordes will applaud your bravery in damaging thousands of people's computers -- no one admires you," one post on Slashdot read. "Anyone who wants to see SCO suffer for the wrongs they have done should unequivocally condemn such acts of terrorism. SCO will be broken by the weight of justice and right, not by mindless thugware."

According to Internet services firm Netcraft, SCO's site has already experienced some sporadic problems, which may coming from infected computers whose date/clock function is set incorrectly.

Several hours after the virus began spreading on Monday, at about 5 p.m. EST, the SCO website was offline briefly. SCO's site was also occasionally offline on Tuesday morning. The company did not immediately respond to requests for comment.

SCO's website was reportedly also the target of two denial of service attacks last August which took the site offline for several days.

The SCO-stalking virus, dubbed MyDoom by antivirus vendor Network Associates and Novarg by Symantec, affects only computers running the Windows operating system.

It arrives as an e-mail attachment with one of seven subject lines, including "Test," "Hi," or "Mail Transaction Failed." Users who click on the attachment activate the virus.

When executed, the virus first opens up Windows' Notepad, and fills it with garbage data. The virus then scours the computer for e-mail addresses, and e-mails itself to a random selection of those addresses. It ignores e-mail addresses that end in .edu.

The virus then looks for the file sharing application Kazaa on the infected hard drive, and, if found, will copy itself to the folder in which Kazaa users store files that they want to share. The virus disguises itself as various programs that would allow users to activate or hack various applications, including Microsoft Office. Some antivirus companies also report that MyDoom opens a backdoor in infected systems that could allow malicious hackers to remotely control compromised computers and use them to spew spam or other viruses.

"This is certainly the first major virus outbreak of 2004," said Mark Sunner, chief technology officer at MessageLabs. "Not only is it causing major nuisance damage through the sheer volume of email it's generating but it may also leave a backdoor wide open for hackers to take control of the machine."

Sunner said the first copy of MyDoom that MessageLabs saw, at 8:03 a.m. EST on Tuesday morning, was sent from a Russian e-mail address.

Antivirus vendors warned that MyDoom is an indication of a very active virus season.

"Get ready for more worms like MyDoom," said Ken Dunham, of security firm iDefense. "This is just the beginning of many copycat attacks building upon the success of SoBig.F and other worms of 2003."

"With so many successful worms in the wild, many users have given into complacency. They have adopted the idea, 'what can I do?' that there will just be another worm or new vulnerability every day they turn on their computer. Technology is clearly not meeting the needs of the average computer user."

Antivirus companies Sophos and F-secure have released free tools to purge my doom from infected computers.

And in happier or possibly ominous other virus news, last week's worm, W32/Bagel-A, is set to kill itself on Wednesday. That may mean the worm stops spreading, or it may mean the virus coder intends to release a new creation.

"We have seen this kind of auto-destruct routine used in the past, most memorably by the author of SoBig who released new versions of his worm after the predecessor expired," said Graham Cluley, senior technology consultant for Sophos.

"One can only wonder why the worm's author has chosen to include a 'self-suicide date' at which the worm would no longer spread," Cluley added "but we're delighted to wish Bagle a 'happy deathday' on Wednesday."


from wired news.
-john