
PA Bear

MyDoom Variant Emerges, Targets Microsoft
(Wed January 28, 2004 02:38 PM ET)
http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=4231557

Most AV's will have newly updated definitions again today (28 Jan-04).

~PA Bear

<paste>
Some limited descriptions:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100988
http://www.viruslist.com/eng/viruslist.html?id=850737
http://www.f-secure.com/v-descs/mydoom_b.shtml
http://www.sarc.com/avcenter/venc/data/[email protected]
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.B

Initial observations show this as a LOW or 1-2 out of 5.

Unique from Mydoom.a:
Mydoom.b replaces the standard file 'hosts' in the Windows directory
with its own version (under the same name). This file will now prevent user
access to the following domains:


Kelly Marshall
Forum Administrator
McAfee Technical Support
http://forums.mcafeehelp.com
</paste>
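
An added example, not part of the original thread or any vendor's tooling: a Python audit of a hosts file for the tampering described in the post above. The watch list, function names and sample file are assumptions constructed for illustration; any hosts entry for a watched domain is treated as suspect, since a stock hosts file has no reason to override DNS for antivirus or update sites.

```python
import ipaddress

# Assumed watch list: parent domains of security and update sites the thread
# discusses. Suffix matching below also covers their subdomains.
WATCHED = {"symantec.com", "mcafee.com", "nai.com", "f-secure.com",
           "sophos.com", "trendmicro.com", "microsoft.com", "avp.com"}

def is_watched(host):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, address, hostname, sinkholed) for each hosts entry
    that overrides DNS for a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                           # blank, comment-only or malformed
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                           # first field is not an address
        # Unroutable targets make the site unreachable rather than redirected.
        sinkholed = addr.is_unspecified or addr.is_loopback
        for name in entry[1:]:
            name = name.lower().rstrip(".")
            if is_watched(name):
                findings.append((line_no, str(addr), name, sinkholed))
    return findings

# Constructed sample hosts file (not recovered from an infected machine).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  liveupdate.symantec.com   www.symantec.com
0.0.0.0\tDownload.McAfee.com  # tab-separated, mixed case
192.0.2.10      intranet.example   # unrelated entry, ignored
127.0.0.1       windowsupdate.microsoft.com.
10.0.0.5        notsymantec.com
"""

if __name__ == "__main__":
    for line_no, addr, name, sinkholed in audit_hosts(SAMPLE):
        kind = "sinkholed" if sinkholed else "redirected"
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

A finding on a machine that cannot reach its antivirus update site is a reason to restore the hosts file from a known-good copy before trusting any further update attempt.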
 
Not Symantec! Last update 26 January 2004!


--

~~~~~~

Regards.

Gerry

~~~~~~~~~~~~~~~~~~~~~~~~
FCA
(e-mail address removed)
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
 
<thwack> /You/ owe /me/ a beer! <eg>

<paste>
*Intelligent Updater*
Virus Definitions created January 27
Virus Definitions released January 27
Norton AntiVirus Corp. Edition:
Defs Version: 60127f
Sequence Number: 27554
Extended Version: 1/27/2004 rev. 6
Total Viruses Detected: *64897*

[versus]

*LiveUpdate* [feh!]
Virus Definitions released January 26
Norton AntiVirus Corp. Edition:
Defs Version: 60126x
Sequence Number: 27542
Extended Version: 1/26/2004 rev. 24
Total Viruses Detected: *64896*

</paste>
http://securityresponse.symantec.com/

As you're well aware, for some time now I've been recommending users seek
updates /manually/ every day the machine's connected to the 'net. Now you
know why.
--
~PAÞ
 
PA said:
<thwack> /You/ owe /me/ a beer! <eg>

<paste>
*Intelligent Updater*
Virus Definitions created January 27
Virus Definitions released January 27
Norton AntiVirus Corp. Edition:
Defs Version: 60127f
Sequence Number: 27554
Extended Version: 1/27/2004 rev. 6
Total Viruses Detected: *64897*

The 27th defs don't work for the new variant.

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Virus Definitions (Intelligent Updater) *
January 28, 2004

Symantec *FINALLY* got the 28th defs up on their site. Boy, am I glad I
dropped Symantec at home!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
PA said:
<Bwaa-ha-ha> Gerry owes both of us a beer!

I'm 'bout ready for a pint of Guinness. Cheers!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
My Jan 27 McAfee definitions reported no virus, but now you report a
variant. I'll have to update again, geez. Well, thanks for the warning.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
 
Good. Now check again. Both Norton and AVG had yet another new database on
the 29th. It'd be hard to believe McAfee <blech> didn't also.

Tell your friends, especially those who are sending MyDoom.[pick a letter] and
Mimail.S to me every minute of the day.
 
Yes, McAfee has 1/29 definitions, & they still found nothing in here.
I'm not getting much in my Inbox, because, as I said, I take nothing
100 MBs by message rule. They still do show up at NetZero's "E-mail on
the WEB", although I could swear I turned that off. Well, thanks again.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
 