MyDoom is back!

[Guest]

A newer version!

Comes in as an email explaining that your pc has been hacked and gets you to
send out spam! the virus is in the mail, it then opens a back door. there
are two versions
1. MyDoom.o
2. MyDoom.m

Stephen

http://vil.nai.com/vil/content/v_127033.htm
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39711
http://www.f-secure.com/v-descs/mydoom_m.shtml
http://www.sophos.com/virusinfo/analyses/w32mydoomo.html

 

[andy]

A newer version!

Comes in as an email explaining that your pc has been hacked and gets you to
send out spam! the virus is in the mail, it then opens a back door. there
are two versions
1. MyDoom.o
2. MyDoom.m

Stephen

Yep, got it early this afternoon already! Clever user didn't open the
attachment!

This was the text of the e-mail...

"Subject: Returned mail: Data format error

Dear user of <my domain>, administration of
<my domain> would like to inform you
We have detected that your e-mail account has been used to send a huge
amount of unsolicited email messages during this week.
Probably, your computer was compromised and now contains a hidden proxy
server.
We recommend you to follow instruction in order to keep your computer
safe.
Best regards,

The <my domain> support team."

Would have fooled some of my users!

The attachment was called message.zip and I suppose could be mistaken for a
returned message by some users.

Andy

 

[Carol Steinel]

A newer version!

Comes in as an email explaining that your pc has been hacked and gets you to
send out spam! the virus is in the mail, it then opens a back door. there
are two versions

Me too -- they really tried to get me with it too -- after the initial
message, got 5 or 6 apparently "returned emails" so that it looked like the
server was spewing spam -- the really funny part was that they signed off
with "Have a nice day, The (my domain name) support team."

Apparently, they don't realize that I AM the (my domain name) support team.
And this was the tip-off for me. I might have fallen for it otherwise, as
it came from the only un-munged email address showing on my web, and I had a
milli-second concern that the server was infected.

Thanks for posting this -- I was pretty sure it was a scam, but surfed this
board to double-check. Always nice to get such rapid validation.

Carol

 

[Gabriele Neukam]

On that special day, SpamDumP, ([email protected]) said...

there
are two versions
1. MyDoom.o
2. MyDoom.m

Not really, they are the same, termed by different companies. If anyone
wants to know how the fake texts are created, there is a detailed
description on Trend Micro's info site, part "technical details"

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.M&VSect=T

German description:

http://www.heise.de/security/artikel/49454

And it is bogging the search engines of Yahoo, Google, Altavista and
Lycos down, because it is trying to find even more addresses of the
domain it has itself sent to.


Gabriele Neukam

(e-mail address removed)

 

[Guest]

Like Duh....

as if we didnt know they where one and the same?

stephen

 

[Criminal Element]

Well. duh - then they arent two versions then are they?!!
YOU said they were - idiot!!!

Like Duh....

as if we didnt know they where one and the same?

stephen

 

[Nigel Marchant]

I had got it last night.