Velocity Reviews - Computer Hardware Reviews

New Worm Virus!

 
 
PseUDO
Guest
Posts: n/a
 
      11-02-2003
Another one called MiMail is spreading as a Zip file.

pasted from NeoWin

"A NEW variant of the MiMail worm family, version C, is proliferating across the world, according to security firm iDefense.
MiMail.C has a DDoS component to attack DarkProfits domains and there's likely to be increased activity on Port 80"

"Anti-viral programs should be tweaked to check compressed archives, but some AV progs might experience difficulties scanning such archives. There is a free removal tool. The EXE file can be found at Bit Defender"

http://www.bitdefender.com

PseUDO




 
Lennier
Guest
Posts: n/a
 
      11-02-2003
On Sun, 02 Nov 2003 18:28:15 +1300, PseUDO wrote:

> Another one called MiMail is spreading as a Zip file.


Please would you explain how a worm can infect a computer when it is
zipped up in an archive file.

Just curious because I thought zip archives were a reasonably good means
of sending stuff via email.

Lennier

 
PseUDO
Guest
Posts: n/a
 
      11-02-2003

"Lennier" <(E-Mail Removed)> wrote in message news:pan.2003.11.02.06.48.05.771080@TRACKER...
> On Sun, 02 Nov 2003 18:28:15 +1300, PseUDO wrote:
>
> > Another one called MiMail is spreading as a Zip file.

>
> Please would you explain how a worm can infect a computer when it is
> zipped up in an archive file.
>
> Just curious because I thought zip archives were a reasonably good means
> of sending stuff via email.
>
> Lennier
>

The .zip file contains one file inside called readnow.doc.scr so people that have got "hide known file types" hidden will only see the .doc and click it and then they are infected!

PseUDO


 
Lennier
Guest
Posts: n/a
 
      11-02-2003
On Sun, 02 Nov 2003 19:56:38 +1300, PseUDO wrote:

>> > Another one called MiMail is spreading as a Zip file.

>>
>> Please would you explain how a worm can infect a computer when it is
>> zipped up in an archive file.
>>
>> Just curious because I thought zip archives were a reasonably good means
>> of sending stuff via email.

>
> The .zip file contains one file inside called readnow.doc.scr so people
> that have got "hide known file types" hidden will only see the .doc and
> click it and then they are infected!


Ah!

So zip archives per se are still OK - it's just that some people think
they're getting a zipped M$ Word file when they're getting a zipped
executable.

So golden rule number 29 - always set M$ Windows to show all file
types by setting each individual file type to show the extension - is
essential for preventing this sort of dupe.

Lennier

 
T.N.O.
Guest
Posts: n/a
 
      11-02-2003
PseUDO wrote:
> The .zip file contains one file inside called readnow.doc.scr so people that have got "hide known file types" hidden will only see
> the .doc and click it and then they are infected!


Doesn't sound like a smart virus writer... most users won't know how to
open a zip file.

And yes, I realise that you can just double click on it, but that is too
much for a hell of a lot of users.
 
Nicholas Sherlock
Guest
Posts: n/a
 
      11-02-2003
PseUDO wrote:
> Another one called MiMail is spreading as a Zip file..
>
> pasted from NeoWin
>
> "A NEW variant of the MiMail worm family, version C, is proliferating
> across the world, according to security firm iDefense. MiMail.C has a
> DDoS component to attack DarkProfits domains and there's likely to be
> increased activity on Port 80"


Hah, Darkprofits - I know who wrote this then. It's the same disgruntled
ex-darkprofits forum user who has been spamming people with unrelated spam
(with darkprofits pasted all over it) to get Darkprofits in trouble.

Cheers,
Nicholas Sherlock


 
Mainlander
Guest
Posts: n/a
 
      11-03-2003
In article <pan.2003.11.02.06.48.05.771080@TRACKER>,
(E-Mail Removed) says...
> On Sun, 02 Nov 2003 18:28:15 +1300, PseUDO wrote:
>
> > Another one called MiMail is spreading as a Zip file.

>
> Please would you explain how a worm can infect a computer when it is
> zipped up in an archive file.


It can infect any executable in there, also zips can be made into self
extracting executables.
 
Mainlander
Guest
Posts: n/a
 
      11-03-2003
In article <pan.2003.11.02.07.23.37.987147@TRACKER>,
(E-Mail Removed) says...
> On Sun, 02 Nov 2003 19:56:38 +1300, PseUDO wrote:
>
> >> > Another one called MiMail is spreading as a Zip file.
> >>
> >> Please would you explain how a worm can infect a computer when it is
> >> zipped up in an archive file.
> >>
> >> Just curious because I thought zip archives were a reasonably good means
> >> of sending stuff via email.

> >
> > The .zip file contains one file inside called readnow.doc.scr so people
> > that have got "hide known file types" hidden will only see the .doc and
> > click it and then they are infected!

>
> Ah!
>
> So zip archives per se are still OK - it's just that some people think
> they're getting a zipped M$ Word file when they're getting a zipped
> executable.
>
> So golden rule number 29 - always set M$ Windows to show all file
> types by setting each individual file type to show the extension - is
> essential for preventing this sort of dupe.


The setting is in Windows Explorer. It's an idea they copied from Apple,
whose filenames show no extensions.
 
Lennier
Guest
Posts: n/a
 
      11-03-2003
On Mon, 03 Nov 2003 13:30:33 +1300, Mainlander wrote:

>> Please would you explain how a worm can infect a computer when it is
>> zipped up in an archive file.

>
> It can infect any executable in there, also zips can be made into self
> extracting executables.


Um...

How can it infect a zip archive when it isn't on my system?

And, BTW, I wasn't speaking about "self-extracting executable" files - I
was speaking about ZIP archives.

And if it is inside a zip archive, then how can it infect a computer?
Surely a person would have to open the archive, extract the infected file
and THEN run the infected file before it could infect a computer.

Chances of that happening are pretty remote...

Oh yeah - you're using Micro$oft Outlook/Express - disregard all the above
about how hard it would be to infect a computer.

Thankfully, I use my Linux workstation to read all my email - possibility
of infection = 0.0000000000000001 percent.

Lennier

 
T.N.O.
Guest
Posts: n/a
 
      11-03-2003
Lennier wrote:
> Oh yeah - you're using Micro$oft Outlook/Express - disregard all the above
> about how hard it would be to infect a computer.


WTF? His headers say "MicroPlanet Gravity v2.60"
Which from what I last read, may be going open source...

And even so, my copy of Outlook Express doesn't open zip archives by default.

> Thankfully, I use my Linux workstation to read all my email - possibility
> of infection = 0.0000000000000001 percent.


My Windows box has only had one virus, and that was introduced by a
friend when he was trying to grab cracks for some software.
The rest don't get to inbox, and if they do, get binned before they get
to my mail client.
 