- There indications--we received a few returned mails from two e-mail
systems claiming that we have sent them virii--that are e-mail addresses
are being used to send a new type of virus.
TRH never sends viruses intentionally NOR OUR COMPUTERS CAN GET INFECTED
AND SEND VIRUSES UNINTENTIONALLY: We are on a Unix computer that does not
get infected by PC viruses, and, therefore cannot pass them on to the
members of our lists. BUT a third party's computer can get infected and
use our e-mail addresses and send a virus to you.
Please take extra precaution in opening your e-mails, especially their
Please read the following for more.
As of January 26, 2004 1:47 PM (US Pacific Time), TrendMicro has declared
a yellow alert to control the spread of WORM_MYDOOM.A (previously known as
This mass-mailing worm selects from a list of email subjects, message
bodies, and attachment file names for its email messages. It spoofs the
sender name of its messages so that they appear to have been sent by
different users instead of the actual users on infected machines. (So, If
you are NOT expecting any messages from anyone, please DO NOT OPEN any
attachments to the emails that you receive.)
It can also propagate through the Kazaa peer-to-peer file-sharing network.
This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
It sends email with the following details:
From: <Spoofed email address>
Subject: (any of the following)
Mail Transaction Failed
Mail Delivery System
Message Body: (any of the following)
The message contains Unicode characters and has been sent as a binary
The message cannot be represented in 7-bit ASCII encoding and has been
sent as a binary attachment.
Mail transaction failed. Partial message is available.
Attachment: (any of the following file names)
(plus any of the following extensions)
The attachment may or may not arrived zipped. When zipped, it contains the
worm executable file with the same file name and any of the described
extensions. When unzipped, it uses either extensions, PIF or EXE.
The spoofed sender address is taken from email addresses obtained from the
This worm also has capabilities to spread via Kazaa, a popular
peer-to-peer file sharing application.
It drops a copy of itself in the Kazaa shared folder with a file name
chosen from the following list:
The dropped file can have any of the following extensions: