From Andrew Jameson, Russian Committee Chair.
If you are working from home (and do not have the
protection of a university IT section) DO NOT open
any email attachments, unless you are certain that they
come from a source which is safe.
A new email worm is circulating (See article below).
I have received 2 emails supposedly from Russia this
morning with the subject line "Hello" which invite me to open
an attachment (size 32KB - the size helps you identify it).
These are probably the self-opening zip files mentioned below.
Andrew Jameson
Chair, Russian Committee, ALL
Reviews Editor, Rusistika
Listowner russian-teaching list
Freelance tutor and translator
1 Brook Street
Lancaster LA1 1SL UK
Tel/fax 01524 32371
www.all-languages.org.uk
----- Original Message -----
From: "Serguei Oushakine" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, January 27, 2004 5:07 AM
Subject: Attention: Speedy Worm Invades E-Mail In-Boxes (washingtonpost.com)
Speedy Worm Invades E-Mail In-Boxes
By Brian Krebs
washingtonpost.com Staff Writer
Monday, January 26, 2004; 9:16 PM
A rapidly spreading e-mail worm on Monday afternoon shut down e-mail systems
at several large corporations and is causing problems for computer users
connected to the Internet, security experts said.
Known as "MyDoom," it is the fastest-spreading e-mail worm ever, according
to Network Associates, the Santa Clara, Calif.-based maker of McAfee
Antivirus software. The company classified it as a "high alert," its most
severe status level.
Mydoom is wreaking havoc with businesses and home computer users, said
Steven Sundermeier, product manager for Central Command, an anti-virus
company in Medina, Ohio. Sundermeier said the worm is spreading fastest in
the United States and Europe.
The virus spreads in an e-mail message that looks like it was garbled during
its journey to the recipient's in-box. The body text urges recipients to
click on the attached file if the contents of the message are damaged or
unreadable. The virus launches when the attachment is opened.
Once a user's computer is infected, it is programmed to send large amounts
of data to the Web site of the SCO Group, a Lindon, Utah-based company that,
in effect, claims ownership over portions of the widely used Linux
open-source operating system. SCO is pursuing legal action against IBM Corp.
and other companies, asserting that Linux includes portions of the Unix
operating system to which it claims copyright ownership. The open-source
community disputes SCO's claims on Linux.
The more immediate problem for computers infected with the worm is that they
will automatically allow the virus's authors to connect remotely and upload
files such as malicious software to forward spam e-mails. The worm also
creates a mass-mailing of itself that is expected to clog many corporate
e-mail servers or slow down Internet traffic, according to Cupertino,
Calif.-based anti-virus software developer Symantec Corp.
Jimmy Kuo, a McAfee research fellow, said the worm has infected systems in
several of its largest clients, including banking and telecommunications
companies. Kuo declined to name the companies. There is no data available
yet on whether Internet traffic is moving more slowly than usual.
FBI officials did not return telephone calls seeking comment on whether law
enforcement is investigating the origins of the virus.
The Mydoom virus surfaced one year after the emergence of the "Slammer"
worm, which currently holds the title of fastest-spreading network worm.
Network worms, unlike e-mail worms, spread through known security holes in
operating systems and computer software and do not require users to do
anything to be infected or spread the infection.
Computer security experts said Mydoom is spreading rapidly because it uses
several layers of "social engineering" -- subtle means of psychological
persuasion -- to get people to open the attachment.
Most common e-mail worms and viruses spread when the recipient opens the
attached file, starting a program that infects the recipient's computer. The
Mydoom worm, however, harbors its payload in a "zip" format, a compressed
file that many corporate firewalls and anti-virus programs are designed to
let through untouched.
The attached file, which arrives under an innocuous name such as
"document.zip," "message.zip," or "readme.zip," contains a program that,
when opened, immediately plants a "backdoor" program that lets the virus
writer upload files to the infected machine.
Experts still have not cracked all of Mydoom's encryption code, which may
hold clues about what else the worm is supposed to do.
Tony Magallanez, a systems engineer with San Jose, Calif., anti-virus
software maker F-Secure Corp., said worm writers often use encryption to buy
their creations as much time to spread as possible before experts can figure
out what they are doing.
"The basic idea here is trying to make it difficult for the anti-virus
researchers to stop whatever the worm is designed to do," Magallanez said.
Mydoom is already being compared to "Sobig.F," a worm that infected hundreds
of thousands of computers worldwide, and later installed software that
turned them into remotely controlled spamming machines.
Sobig spread at a rapid pace, giving the worm's author unrestricted access
to computers infected with the worm. The computers were programmed to visit
one of 20 Internet sites to download malicious software. An international
team of law enforcement officials and virus hunters found and shut down
those host Web sites hours before the infected army of hundreds of thousands
of PCs was scheduled to follow their instructions.
Like Sobig, Blaster and most other viruses, Mydoom targets computers running
the Windows operating system.
© 2004 TechNews.com
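The covering note and the article together list the traits a mail administrator could screen for at the gateway: a subject line of "Hello", a roughly 32 KB zip attachment under a bland name such as "document.zip", "message.zip" or "readme.zip", and body text claiming the message was damaged in transit and urging the reader to open the attachment. The following script is an added example, not code from the mailing list or from any of the vendors quoted in the article; it assumes a mail store that can hand over raw RFC 822 bytes, and the two sample messages it scores are constructed here for illustration. It scores each message by how many of the described indicators it matches, so a quarantine rule can act on the count rather than on any single, easily varied trait.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators described in the article and the covering note. The score
# thresholds and phrase list are assumptions made for this example.
SUSPICIOUS_NAMES = {"document.zip", "message.zip", "readme.zip"}
LURE_PHRASES = ("damaged", "unreadable", "open the attached")
SIZE_LOW, SIZE_HIGH = 30 * 1024, 34 * 1024  # "about 32KB" band


def score_raw_message(raw: bytes) -> tuple[int, list[str]]:
    """Return (indicator count, reasons) for one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons: list[str] = []

    subject = str(msg.get("Subject", "")).strip()
    if subject.lower() == "hello":
        reasons.append("subject line is just 'Hello'")

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part is not None else ""
    if any(phrase in body for phrase in LURE_PHRASES):
        reasons.append("body claims the message is damaged and asks to open the attachment")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Check both the declared name/type and the file's own signature:
        # a renamed zip still starts with the "PK" local-header magic.
        if name.endswith(".zip") or part.get_content_type() == "application/zip" or payload[:2] == b"PK":
            reasons.append(f"zip attachment '{name}'")
        if name in SUSPICIOUS_NAMES:
            reasons.append(f"attachment name '{name}' matches known lure names")
        if SIZE_LOW <= len(payload) <= SIZE_HIGH:
            reasons.append(f"attachment size {len(payload)} bytes is in the ~32 KB band")

    return len(reasons), reasons


def should_quarantine(raw: bytes, threshold: int = 3) -> bool:
    """Quarantine when several independent indicators coincide (threshold is an assumption)."""
    return score_raw_message(raw)[0] >= threshold


def _build_sample(subject: str, body: str, filename: str, data) -> bytes:
    """Assemble a constructed sample message and serialise it as raw bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    if isinstance(data, bytes):
        msg.add_attachment(data, maintype="application", subtype="zip", filename=filename)
    else:
        msg.add_attachment(data, filename=filename)
    return msg.as_bytes()


# Constructed samples: one shaped like the lure the article describes
# (zip magic followed by padding to exactly 32 KB), one ordinary message.
LURE_RAW = _build_sample(
    "Hello",
    "Part of this message was damaged in transit and is unreadable; "
    "please open the attached file to see it.",
    "document.zip",
    b"PK\x03\x04" + b"\x00" * (32 * 1024 - 4),
)
BENIGN_RAW = _build_sample(
    "Minutes from Tuesday",
    "Attached are the minutes from Tuesday's meeting.",
    "minutes.txt",
    "1. Apologies\n2. Matters arising\n",
)

if __name__ == "__main__":
    for label, raw in (("lure", LURE_RAW), ("benign", BENIGN_RAW)):
        count, reasons = score_raw_message(raw)
        print(f"{label}: score={count} quarantine={should_quarantine(raw)}")
        for r in reasons:
            print("   -", r)
```

Matching on the attachment's leading bytes as well as its extension matters because the article's point is that zip containers were passing gateways untouched; a filter keyed only on the filename would miss a renamed archive. Run against a real mailbox, feed each message's raw bytes to `score_raw_message` and route anything at or above the threshold to quarantine for a person to review.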