Pat; Here's some information that might be of some help to you that was just published in a recent edition of the "Press of Atlantic City."
It is my understanding that whoever has contracted the virus has provided everybody's email address that is in their email directory ... which is sending the virus to all those people who open an attachment.
In other words, if your email address is in Joe SixPack's email directory ... and Joe SixPack has opened an email attachment he has received that contains a virus ... other people will be receiving emails with attachments that appear to be coming from you. It's nasty stuff. If folks using the internet don't have a virus protection program, they are exposing everyone in their email directories to this virus.
I NEVER open an attachment unless I know who it's coming from and what the subject matter is. Also, I sign my name to any emails I send. Virus-laden emails don't know the sender's name... all they know is the email address.
Below is the Press article:
July 28, 2004
MyDoom Net virus back with new twist
By DAVID BENSON Staff Writer (609) 272-7206
A new version of an old virus swept around the Internet earlier this week, making four of the Net's major search engines nearly unreachable for about half the day.
And, because of its realistic appearance as e-mail, it can pose a serious threat to unprotected computer users.
MyDoom.M, also known as MyDoom.O, is a new variant on a virus that first hit the Net in January. "MyDoom.M is not the first one," said Ryan Leonard, network administrator for Dandy.net. "It started out as MyDoom.A, and only the people who haven't patched their systems are the ones who get the new virus."
The MyDoom virus is a self-mailing worm that opens a back door on a person's computer that can allow remote access. In earlier versions, MyDoom rifled through a user's address book and mailed copies of itself to everyone listed.
This variant has a new twist. It searches a person's hard drive for e-mail addresses and then uses those addresses as queries to Google, Yahoo, AltaVista and Lycos. For example, if the virus found DBenson@pressofac.com in someone's address book, MyDoom.M could then query Google for all known pressofac.com addresses.
Dan Berkowitz, a representative of Keynote Systems, said an overall slowdown Monday on the Internet appeared to be linked to the spread of the virus. Keynote is a firm that monitors the health of the Internet.
"The Internet as a whole may see slight degradation," Berkowitz said. "But the true nature of the effects of the virus are seen through the search step for the various top search engines: Lycos, Google, Yahoo, AltaVista."
Searches at the major engines - particularly Google - returned either a blank page or an error message Monday. That's because the number of queries generated by the virus - spread worldwide - acted like a denial-of-service attack, or DoS, on the search engines.
"These searches," Berkowitz said, "from thousands of infected computers, are causing some difficulties and slowdowns for the search engines."
By late afternoon Monday, Keynote said the search engines had begun responding again, and Google said in a release on its site that it was filtering requests.
Lloyd Taylor, vice president of technology for Keynote, said this was but the first round of potential problems for the search engines and Internet users.
"There are still hundreds of thousands of computers that have been implanted with a Trojan that allows a remote user to have complete control over infected machines," Taylor said. "Using this Trojan, your computer can be used for sending spam, hosting illegal content or launching DoS attacks without your knowledge."
A Trojan is a program that enters a user's computer undetected, giving the attacker who planted it unrestricted access to the data stored on the computer.
MyDoom.M is a Windows-only problem, although Macintosh and Linux users can be the recipients of bounced or redirected e-mails. Leonard said the best way area users can protect themselves is to stay on top of the updates at Microsoft and to use good anti-virus software, like Norton AntiVirus or McAfee Virus Scan.
They can be found at the following Web sites:
windowsupdate.microsoft.com/
us.mcafee.com/
Linda Feeney, director of computer services at The Richard Stockton College of New Jersey, said the MyDoom variant did reach some users' computers at the school.
"Some people who were new to the campus opened it," Feeney said. "They thought it was real."
The message contained in MyDoom.M e-mail makes it appear as if it came from the support group of a user's Internet service provider. Its accusatory message says the user's account has been used to send spam, and directs the user to open an attached text file.
"If you open the attachment, it's the virus," Feeney said. "And this one's nasty, because it can re-install itself through a back door."
Feeney said people who have patched their systems, and are protected by anti-virus software, should be safe. But if a user who is not protected opens the virus, the virus can be difficult to remove. She recommended infected users seek professional help with area computer technicians.
For more information on MyDoom and other viruses, visit Stockton's Web site at
loki.stockton.edu/intech/spotlight-edefense.htm
To e-mail David Benson at The Press: