subject: Re: new virus posted: Wed, 28 Jan 2004 17:34:11 -0000
Hiya,
No, *I* don't have the virus! My inbox is filling with emails from
people who do, however.
I found many copies of the worm (about 119 copies) in my inbox on the
day it came out (the 26th). I get 0-day wormz! :)
It was indeed Novarg - I checked The Reg the next day and it
described the item I found.
This series of events (find worm, update sigs, virusscanner does not
detect it, a day later, read about worm on net, update sigs,
virusscanner does detect it) .... is very troubling.
It highlights the fact that anti-virus software is reactive, not
proactive.
Date sent: Tue, 27 Jan 2004 15:07:10 +0000
To: [email protected]
From: Martin Thompson <[email protected]>
Subject: Re: new virus
> 00:46:37 Tue, 27 Jan 2004
> Stuart Udall at Stuart Udall <[email protected]> writes:
> >32k, i updated my sigs but it sees nothing, the virus has the string
> >"sync.c by andy 2004/01/xx xx.xx.xx" in it.
> >
> >Compressed with UPX. filling my inbox. wahey! :)
> >
> >filter on this in the message body:
> >
> >Mail transaction failed. Partial message is available
> >
> >Stuart
> >
> >---
> > * Origin: [adminz] tech, security, support (192.168.0.2)
> >
>
>
> Sounds like you have Novarg, AKA MyDoom:
>
> http://securityresponse.symantec.com/avcenter/venc/data/[email protected] > tml
>
> --
> Martin Thompson [email protected]
> London, UK Home Page: http://www.tucana.demon.co.uk > Web Shop: http://buy.at/tucana > Mobile Phone Ring Tones: http://www.ringamoby.com >
> "Everything I do and say with anyone makes a difference." Gita Bellin
---
* Origin: [adminz] tech, security, support (192.168.0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:04:19
search: