In recent days, I was one of the unfortunate persons to receive the "Mydoom" worm emails. Not just one, but at least forty appeared in my popserver mailbox. As frustrating as it was deleting all of these nasty little boogers, I realized that some of these "worm" emails even came from persons I knew - or so I thought I knew. The problem with the "Mydoom" email worm is that it specifically targets email addresses with the following extensions: - .htm
- .sht
- .php
- .asp
- .dbx
- .tbb
- .adb
- .pl
- .wab
- .txt
Furthermore, it sends "get" requests to target domains and uses direct connections to port 80. It will also attempt to send email messages using its own SMTP engine. The worm is successful by using a mail server that a recipient uses or local server as well. Some strings to these target domain names are: - gate.
- ns.
- relay.
- mail1.
- mxs.
- smtp.
- mail.
- mx.
The "Mydoom" worm will have subject headings such as: - "Returned Mail"
- "Delivery Error"
- "Status"
- "Server Report"
- "Mail Transaction Failed"
- "Mail Delivery System"
- "Hello/hello"
- "Hi/hi"
What persons need to realize is that even if you "know" the sender, you must make absolutely sure that any attachments are specifically clarified from the sender before you attempt to open these suspect emails. Most worms and viruses are spread directly through attachments. Unless you are expecting an attachment from a person you know, be cautious. Do NOT open attachments unless you are absolutely positive that your known correspondent has actually sent it to you. Another thing to remember is that the "Mydoom" worm ranges from 6,144 bytes to 29,184 bytes in size and can affect Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. Luckily, if you have DOS, Linux, Macintosh, OS/2 or UNIX, your systems will not be affected by the MyDoom worm. For those of you who share files through Kazaa, there is a new worm with aliases such as Worm.P2P.Apsiv (Kaspersky) and W32/Apsiv.worm!p2p (McAfee) and seemingly affects Windows systems 2000, 95, 98, Me, NT, Server 2003 and Windows XP. The damage profile has not yet been assessed, but it would be a good idea to steer clear of this one as well. "Keylogger.Stawin" is probably one of the nastiest viruses as it attempts to steal a user's online banking information. A Trojan is distributed through email messages with the subject line, "I still love you," and has a "message.zip" attachment. Affecting the same vunerable systems as mentioned above, Keylogger records keystrokes and has the ability to steal personal, financial information. A few systems that Keylogger monitors are window titles such as "PayPal," "Logon," and numerous other window titles associated with banking logins. Common Hoaxes A popular hoax circulating the Internet is an email titled, "FREE M &M's." Sorry guys - no M & M's here. More recently, you may have received the "Life is Beautiful" virus ... er, hoax. The "Life is Beautiful" virus is not real and should be ignored. This is only a scare tactic that causes unwarranted fears and concerns. In closing, the Internet is a massive electronical world filled with infinite bits of information. When using your "key" to this magnificent but vast window of versatile knowledge, it pays to use logic when distinguishing hoaxes from real threats such as viruses and worms. - To learn more about current viruses and worms, visit: http://search.symantec.com/custom/us/query.html
- For an updated listing of current email hoaxes, go to: http://securityresponse.symantec.com/avcenter/hoax.html
Copyright 2004 - All Rights Reserved
Computer Viruses, Worms and Hoaxes
by C. Bailey-Lloyd |
