NASTY NEW VIRUS BEWARE!!!!

#1 Jan 28 2004 at 3:13 PM Rating: Decent
Hackers unleashed an agile worm Monday -- using a sneaky, fairly new tactic to get unsuspecting computer users to diffuse their malicious code.

Dubbed "W32/MyDoom" or "Novarg," the worm circulated so fast anti-virus firms quickly raised threat warnings to "high" saying the bug was one of the worst in recent months.

The worm is contained in e-mails with random senders' addresses and subject lines. While the body of the e-mail varies, it usually includes what appears to be an error message, such as: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."

While many computer users are savvy about not opening executable files or other attachments that may contain viruses, the latest worm masks itself as an innocuous text document or a file that your computer appears unable to read.

"This one is almost begging you to click on the attachment," said Sharon Ruckman, the head of anti-virus firm Symantec's security response team.

When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself and installs a "keystroke" program that allows a hacker to break in and record everything being typed, including passwords and credit card numbers.

The worm sends out a slew of messages that forced some companies to shut down their e-mail gateways to stop the infection, said Vincent Gullotto, who runs Network Associates' McAfee Anti-Virus Emergency Response Team.

MyDoom also appeared to launch a Denial of Service attack on the site for SCO Group, a California company which recently sued IBM, challenging that firm's intellectual property in parts of Linux. SCO.com was inaccessible for some time Monday afternoon.

Anti-virus experts said MyDoom was on track to hit even more machines than Nimda, a 2001 worm that spread widely with an attachment that read "Readme.exe."

This time, besides the "binary attachment" message, MyDoom comes with all different file extensions including .pif, .zip and .csr. It also uses an attachment icon similar to one used for Windows text messages. All of this, security experts warn, was succeeding in tricking people into thinking the e-mail was legitimate.

After a relative lull in the number of viruses distributed during the holidays, anti-virus experts expected a hectic Tuesday as office workers fired up their computers and unwittingly spread the worm.

Two other less prominent worms, Mimail.Q and Dumaru, were also making their way around the Internet.

Mimail.Q changes the body and attachment over time, but, for now, some of the e-mails containing the worm used the subject line: "Hi my sweet Nancy."

Dumaru comes with the subject line "Important information for you. Read it immediately!" and includes an attachment called myphoto.zip.

"The virus writers [are] ... back from vacation and they've started pushing out their creations," Gullotto warned.


I've already received 4 emails with some form of this virus....so watch out!!
#2 Jan 28 2004 at 4:28 PM Rating: Decent
***
1,923 posts
I got two from my e-mail at this site. Pure evil. I thought someone liked me :-P
#3 Jan 28 2004 at 6:32 PM Rating: Excellent
******
29,919 posts
Just as a reminder, I never send e-mail FROM kaolian@allakhazam.com. If you see one from that address, it's not me. Forward it on to me and I will deal with the issue.
#4 Jan 28 2004 at 7:05 PM Rating: Decent
***
1,923 posts
I know. I get mine from totally unrecognizable addresses.

/empty junkmail
#5 Jan 29 2004 at 3:13 AM Rating: Decent
Scholar
***
3,166 posts
I had one 2 days back.

The give-away was that it was claiming to be rejected mail from an address I hadn't sent to. My first thought was that I had an infected machine random-mailing but it tested negative.

The mail seemed to consist of a .eml and a .dat

Think before you open these things and it is fairly obvious.

  • If you didn't mail that address how can it be rejected?

  • If you sent it then why are the attachments not anything you sent?

  • You have no need to open any attachments on a rejected mail because you must have the original someplace

  • Time to update AV again I guess

Thanks for the heads up.
____________________________
Wherever I go - there I am.
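
The checks listed in post #5, written out as an added example that is not part of the original thread: it compares a bounce-looking message against a record of what was really sent, without opening any attachment. The names `triage`, `sample_bounce` and `sent_log`, the example addresses, and every bounce phrase except the one quoted in post #1 are assumptions.

```python
import re
from email.message import EmailMessage

# Attachment extensions the article in post #1 lists, exactly as written there.
RISKY_EXTENSIONS = (".pif", ".zip", ".csr")
# First phrase is the lure quoted in post #1; the others are assumed bounce wording.
BOUNCE_PHRASES = ("cannot be represented in 7-bit ascii", "undeliverable",
                  "delivery failed", "returned mail")
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def triage(msg, sent_log):
    """sent_log (hypothetical): address we mailed -> attachment names sent. [] if not a bounce."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = f"{msg['Subject'] or ''}\n{body}".lower()
    if not any(phrase in text for phrase in BOUNCE_PHRASES):
        return []
    reasons = []
    # Check 1: was the "rejected" address ever one of our recipients?
    known = {addr.lower() for addr in sent_log}
    for addr in sorted(set(ADDRESS_RE.findall(text)) - known):
        reasons.append(f"never mailed {addr}")
    # Check 2: is each attachment something we sent? Nothing is opened.
    sent_names = {n.lower() for names in sent_log.values() for n in names}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name not in sent_names:
            reasons.append(f"attachment {name!r} is not something we sent")
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append(f"attachment {name!r} has a risky extension")
    return reasons

def sample_bounce():
    """Constructed message imitating the lure described in post #1."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.net"
    msg["To"] = "me@example.org"
    msg["Subject"] = "Returned mail"
    msg.set_content("Delivery to stranger@example.com failed. The message "
                    "cannot be represented in 7-bit ASCII encoding and has "
                    "been sent as a binary attachment.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="document.pif")
    return msg

if __name__ == "__main__":
    for reason in triage(sample_bounce(), {"friend@example.org": ["notes.txt"]}):
        print(reason)
```
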
#6 Jan 29 2004 at 8:33 AM Rating: Decent
Cleaned Novarg off my parents' machine last night.