Re: Virus Sample

[Guest greeneggsandspam]

Be careful of this spam. It says it is from support@symantec.com, but

if you right click on the message header this is where it is really

coming from Received: from mta104.bizmail.yahoo.com.

There is a virus attached to this file.

 

The sample file you sent contains a new virus version of mydoom.j.

Please clean your system with the attached signature.

 

Sincerly,

Robert Ferrew

 

I wish somebody could set up a bounty system to get these guys.

[Guest Dr. Doom]

Definitely do not open this file!!!!

 

W32.Mydoom.J@mm is an encrypted, mass-mailing worm that arrives as an attachment with either a .pif, .scr, .exe, .cmd, .bat, or .zip extension. The worm also contains keylogging capabilities.

 

Unlike previous Mydoom variants, W32.Mydoom.J@mm does not appear to act as a backdoor, and it is similar in functionality to W32.Mydoom.A@mm.

 

This threat is written in C++ and is packed with UPX.

 

 

Also Known As: WORM_MYDOOM.J [Trend], Win32.Mydoom.J [Computer Associates], W32/Mydoom.j@MM [McAfee]

 

Type: Worm

Infection Length: 50,688 bytes (.exe), approx 50,800-51,000 bytes (.zip)

 

 

 

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX

[Guest mari]

Your best bet is to subscribe to a reputable antivirus program and update it constantly.

 

The second thing you should do is never to open email that makes fradulent claims -- such as responding to a message you haven't sent or being from a 'friend' you've never heard of -- or that contains nonstandard English wording or misspellings of common words such as "sincerly" in the message under discussion. In my work in distance education I receive humdereds of such messages a week, and most fit into one of these three categories. Careful reading and a bit of common sense combined with a modest investment in virus protection can avert a catastrophe.