ed
no i did not open the attached file. my av missed it but so did a lot
of the av's at virus total.
but i thought this method was all but over in favor of password
protected infected attachments.
"Attention: ** - 10:45:22 PM - 6/2/2007 - This is an automatically
generated message.
A virus was found in the last outgoing message you sent. Our incoming
email scanner intercepted it and stopped the entire message before it
could reach its intended recipient. The virus was reported to be: I-
Worm.Mydoom.M
Technical details: I-Worm.Mydoom.m spreads via Google and Yahoo mail
services as an attachment to infected messages.
The worm itself is a Windows PE EXE file approximately 27KB in size,
packed using UPX.
The unpacked file is approximately 89KB in size.
The worm is only activated when a user opens an archive and launches
the infected file by double-clicking on it. The worm will then install
itself to your system and begin propagating. This worm also contains a
dangerous backdoor function. When the worm opens TCP port 1034, it
allows itself to receive remote commands. These ports were found to be
open on your system during the message scan.
Please use the attached patch file to remove the virus and cleanse
your system of any remaining parts of the worm.
Aliases: I-Worm.Mydoom.m (Kaspersky Lab), W32/Mydoom.o@MM (McAfee),
W32.Mydoom.M@mm (Symantec), Win32.HLLM.MyDoom.54464 (Doctor Web),
W32/MyDoom-O (Sophos), Win32/Mydoom.O@mm (RAV), WORM_MYDOOM.M
(Trend Micro), Worm/Mydoom.M (H+BEDV), W32/Mydoom.O@mm (FRISK),
Win32:Mydoom-M (ALWIL), I-Worm/Mydoom.O (Grisoft), Win32.MydooM@mm
(SOFTWIN), Worm.Mydoom.M (ClamAV), W32/Mydoom.N.worm (Panda),
Win32/Mydoom.R (Eset)
Description added: 6/2/2007 (new)
Self-Replicating Email Worm
Removal tool attached to ** message at: 10:45:22 PM on 6/2/2007
__________________________________________
Originating Message Headers:
Received: ** (HELO) (193.224.106.80)
by ** with SMTP; 12 Jun 2006 14:17:46 -0500
To: thelist at lists.evolt.org
Subject: Virus Detection
Date: Mon, 12 Jun 2006 21:17:45 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0002_4F80D187.6B2DD9E9"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Apply the attached patch to cleanse your system of any files that were
dropped by the worm.
Postmaster Security Encryption Algorithm:
YBLDKHRHJLHFZBJFVSHOLVIBGKBYSTFVRFRWHE"