Loading ...
Sorry, an error occurred while loading the content.

Virus alert!

Expand Messages
  • Turkish Radio Hour
    There indications--we received a few returned mails from two e-mail systems claiming that we have sent them virii--that are e-mail addresses are being used to
    Message 1 of 2 , Jan 28, 2004
    • 0 Attachment
      There indications--we received a few returned mails from two e-mail
      systems claiming that we have sent them virii--that are e-mail addresses
      are being used to send a new type of virus.

      TRH never sends viruses intentionally NOR OUR COMPUTERS CAN GET INFECTED
      AND SEND VIRUSES UNINTENTIONALLY: We are on a Unix computer that does not
      get infected by PC viruses, and, therefore cannot pass them on to the
      members of our lists. BUT a third party's computer can get infected and
      use our e-mail addresses and send a virus to you.

      Please take extra precaution in opening your e-mails, especially their
      attachments.

      Please read the following for more.


      Ahmet Toprak

      --------------------------------------------------------------------------------------


      As of January 26, 2004 1:47 PM (US Pacific Time), TrendMicro has declared
      a yellow alert to control the spread of WORM_MYDOOM.A (previously known as
      WORM_MIMAIL.R).

      This mass-mailing worm selects from a list of email subjects, message
      bodies, and attachment file names for its email messages. It spoofs the
      sender name of its messages so that they appear to have been sent by
      different users instead of the actual users on infected machines. (So, If
      you are NOT expecting any messages from anyone, please DO NOT OPEN any
      attachments to the emails that you receive.)

      It can also propagate through the Kazaa peer-to-peer file-sharing network.

      This worm runs on Windows 95, 98, ME, NT, 2000, and XP.





      It sends email with the following details:

      From: <Spoofed email address>
      Subject: (any of the following)
      <blank>
      <random characters>
      Error
      Status
      Server Report
      Mail Transaction Failed
      Mail Delivery System
      hello
      hi

      Message Body: (any of the following)
      <blank>
      <garbage data>
      The message contains Unicode characters and has been sent as a binary
      attachment.
      The message cannot be represented in 7-bit ASCII encoding and has been
      sent as a binary attachment.
      Mail transaction failed. Partial message is available.
      test

      Attachment: (any of the following file names)
      body
      message
      test
      data
      file
      text
      doc
      readme
      document

      (plus any of the following extensions)
      ZIP
      BAT
      EXE
      PIF
      SCR
      CMD

      The attachment may or may not arrived zipped. When zipped, it contains the
      worm executable file with the same file name and any of the described
      extensions. When unzipped, it uses either extensions, PIF or EXE.

      The spoofed sender address is taken from email addresses obtained from the
      system.





      Kazaa Propagation

      This worm also has capabilities to spread via Kazaa, a popular
      peer-to-peer file sharing application.

      It drops a copy of itself in the Kazaa shared folder with a file name
      chosen from the following list:

      nuke2004
      office_crack
      rootkitXP
      strip-girl-2.0bdcom_patchers
      activation_crack
      icq2004-final
      winamp5
      The dropped file can have any of the following extensions:

      BAT
      EXE
      PIF
      SCR
    Your message has been successfully submitted and would be delivered to recipients shortly.