Re: Mydoom Virus

From: Veronica Loell (lista_at_nakawe.se)
Date: 03/05/04


Date: Fri, 05 Mar 2004 16:30:50 +0100

Ann wrote:

> Reviewed security information on MS website re:security
> and viruses. Used the checkup to see if mydoom was
> present. Was not. Now, I've begun receiving e-mails
> infected with mydoom. Coincidental? Hummm.

Mydoom harvests email-addresses from the infected computers. If you
were using a bona fide Microsoft tool then I would find it unlikely that
is the source of the infection. On the other hand, if you went to a link
that you received in an email or a messenger popup and did not go to MS
site and click along to the security area then you could have downloaded
anything.

Have you investigated the source of the emails, i.e. the IP-address that
they originate from and checked out what ISP it is?

Are you concerned that you are infected? Or are you thinking that by
simply downloading something from the internet your email-address is
made available to a virus-infected machine? If the second, then I'm
guessing that you supplied your email-address when downloading?

Apart from your regular antivirus-program I would run STINGER
http://vil.nai.com/vil/stinger/ if I thought that I might have a
massmailing worm on my computer. There are also several online scanners
that you can use.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Symantec:
http://security.symantec.com/

It is not quite clear from your post what you think the problem is so
perhaps you can elaborate a little?

- Veronica Loell
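
The header check suggested in the reply above, as an added example that is not part of the original post: it reads the Received headers of a saved message and reports the oldest routable IP address, which is the one to look up when identifying the ISP. The sample message, its hostnames and its addresses are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample message; addresses are from documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby mail.example.org with ESMTP id abc123
\tfor <ann@example.org>; Fri, 05 Mar 2004 15:02:11 +0100
Received: from homepc (unknown [203.0.113.77])
\tby mx.example.net with SMTP id def456; Fri, 05 Mar 2004 15:02:09 +0100
Received: from [10.0.0.5] by homepc; Fri, 05 Mar 2004 15:02:08 +0100
From: "Some Friend" <friend@example.com>
To: ann@example.org
Subject: hi

(body omitted)
"""

# Addresses that never identify an ISP: RFC 1918, loopback, link-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Bracketed IPv4 addresses from the Received headers, newest hop first."""
    hops = []
    for header in email.message_from_string(raw_message).get_all("Received", []):
        # Only the "from ..." clause names the connecting host.
        from_clause = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        for text in BRACKETED_IP.findall(from_clause):
            try:
                hops.append(ipaddress.ip_address(text))
            except ValueError:      # e.g. [999.1.1.1] in a malformed header
                continue
    return hops

def likely_origin(raw_message):
    """Oldest hop with a routable address, or None if there is none.

    Hops below the first server you trust are written by the sender's side
    and can be forged, so treat the result as a lead, not proof.
    """
    routable = [ip for ip in relay_ips(raw_message)
                if not any(ip in net for net in INTERNAL)]
    return str(routable[-1]) if routable else None
```

For the sample, `likely_origin(SAMPLE)` returns the address of the machine that handed the message to the first mail server; that is the value to pass to a whois lookup. The From line is not consulted, since mass-mailing worms such as Mydoom forge it.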


