New Worm Virus!

Discussion in 'NZ Computing' started by PseUDO, Nov 2, 2003.

  1. PseUDO

    PseUDO Guest

    Another one called MiMail is spreading as a Zip file..

    pasted from NeoWin

    "A NEW variant of the MiMail worm family, version C, is proliferating across the world, according to security firm iDefense.
    MiMail.C has a DDoS component to attack DarkProfits domains and there's likely to be increased activity on Port 80"

    "Anti-viral programs should be tweaked to check compressed archives, but some AV progs might experience difficulties scanning such
    archives. There is a free removal tool. The EXE file can be found at Bit Defender"

    http://www.bitdefender.com

    PseUDO
    PseUDO, Nov 2, 2003
    #1

  2. PseUDO

    Lennier Guest

    On Sun, 02 Nov 2003 18:28:15 +1300, PseUDO wrote:

    > Another one called MiMail is spreading as a Zip file.


    Please would you explain how a worm can infect a computer when it is
    zipped up in an archive file.

    Just curious because I thought zip archives were a reasonably good means
    of sending stuff via email.

    Lennier
    Lennier, Nov 2, 2003
    #2

  3. PseUDO

    PseUDO Guest

    "Lennier" <> wrote in message news:pan.2003.11.02.06.48.05.771080@TRACKER...
    > On Sun, 02 Nov 2003 18:28:15 +1300, PseUDO wrote:
    >
    > > Another one called MiMail is spreading as a Zip file.

    >
    > Please would you explain how a worm can infect a computer when it is
    > zipped up in an archive file.
    >
    > Just curious because I thought zip archives were a reasonably good means
    > of sending stuff via email.
    >
    > Lennier
    >

    The .zip file contains one file inside called readnow.doc.scr so people that have got "hide known file types" hidden will only see
    the .doc and click it and then they are infected!.

    PseUDO
    PseUDO, Nov 2, 2003
    #3
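
The double-extension trick described in post #3 can be checked for before an attachment reaches a user. This is an added example, not part of any post in the thread: it lists zip members whose real extension is executable and shows the name a user would see with extensions hidden. The function names and both extension lists are assumptions, and the sample archive is constructed with placeholder contents.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed, not exhaustive).
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs", "js", "hta"}
# Extensions a recipient reads as "just a document" (assumed).
DECOY_EXTS = {"doc", "txt", "pdf", "xls", "rtf", "jpg", "gif", "htm", "html"}


def scan_zip(zip_bytes):
    """Return (member, shown_as, verdict) for every executable member.

    shown_as is the name left once the final extension is hidden, which is
    what the "hide extensions for known file types" setting displays.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Look only at the file name, whichever path separator was used.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Strip padding around each part ("readnow.doc   .scr" style names).
            parts = [p.strip().lower() for p in base.split(".")]
            if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
                continue
            shown_as = base[: base.rfind(".")].strip()
            disguised = len(parts) >= 3 and parts[-2] in DECOY_EXTS
            verdict = "disguised-executable" if disguised else "executable"
            findings.append((info.filename, shown_as, verdict))
    return findings


def build_sample():
    """Constructed archive; contents are placeholder bytes, not real binaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readnow.doc.scr", b"placeholder")
        zf.writestr("notes.doc", b"plain document")
        zf.writestr("tools/setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, shown_as, verdict in scan_zip(build_sample()):
        print(f"{verdict}: {member!r} is displayed as {shown_as!r}")
```
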
  4. PseUDO

    Lennier Guest

    On Sun, 02 Nov 2003 19:56:38 +1300, PseUDO wrote:

    >> > Another one called MiMail is spreading as a Zip file.

    >>
    >> Please would you explain how a worm can infect a computer when it is
    >> zipped up in an archive file.
    >>
    >> Just curious because I thought zip archives were a reasonably good means
    >> of sending stuff via email.

    >
    > The .zip file contains one file inside called readnow.doc.scr so people
    > that have got "hide known file types" hidden will only see the .doc and
    > click it and then they are infected!.


    Ah!

    So zip archives per se are still OK - it's just that some people think
    they're getting a zipped M$ Word file when they're getting a zipped
    executable.

    So golden rule number 29 - always set M$ Windows to show all file
    types by setting each individual file type to show the extension - is
    essential for preventing this sort of dupe.

    Lennier
    Lennier, Nov 2, 2003
    #4
  5. PseUDO

    T.N.O. Guest

    PseUDO wrote:
    > The .zip file contains one file inside called readnow.doc.scr so people that have got "hide known file types" hidden will only see
    > the .doc and click it and then they are infected!.


    Doesn't sound like a smart virus writer... most users won't know how to
    open a zip file.

    and yes, I realise that you can just double click on it, but that is too
    much for a hell of a lot of users.
    T.N.O., Nov 2, 2003
    #5
  6. PseUDO wrote:
    > Another one called MiMail is spreading as a Zip file..
    >
    > pasted from NeoWin
    >
    > "A NEW variant of the MiMail worm family, version C, is proliferating
    > across the world, according to security firm iDefense. MiMail.C has a
    > DDoS component to attack DarkProfits domains and there's likely to be
    > increased activity on Port 80"


    Hah, Darkprofits - I know who wrote this then. It's the same disgruntled
    ex-darkprofits forum user who has been spamming people with unrelated spam
    (With darkprofits pasted all over it) to get Darkprofits in trouble.

    Cheers,
    Nicholas Sherlock
    Nicholas Sherlock, Nov 2, 2003
    #6
  7. PseUDO

    Mainlander Guest

    In article <pan.2003.11.02.06.48.05.771080@TRACKER>,
    lid says...
    > On Sun, 02 Nov 2003 18:28:15 +1300, PseUDO wrote:
    >
    > > Another one called MiMail is spreading as a Zip file.

    >
    > Please would you explain how a worm can infect a computer when it is
    > zipped up in an archive file.


    It can infect any executable in there, also zips can be made into self
    extracting executables.
    Mainlander, Nov 3, 2003
    #7
  8. PseUDO

    Mainlander Guest

    In article <pan.2003.11.02.07.23.37.987147@TRACKER>,
    lid says...
    > On Sun, 02 Nov 2003 19:56:38 +1300, PseUDO wrote:
    >
    > >> > Another one called MiMail is spreading as a Zip file.
    > >>
    > >> Please would you explain how a worm can infect a computer when it is
    > >> zipped up in an archive file.
    > >>
    > >> Just curious because I thought zip archives were a reasonably good means
    > >> of sending stuff via email.

    > >
    > > The .zip file contains one file inside called readnow.doc.scr so people
    > > that have got "hide known file types" hidden will only see the .doc and
    > > click it and then they are infected!.

    >
    > Ah!
    >
    > So zip archives per se are still OK - it's just that some people think
    > they're getting a zipped M$ Word file when they're getting a zipped
    > executable.
    >
    > So golden rule number 29 - always set M$ Windows to show all file
    > types by setting each individual file type to show the extension - is
    > essential for preventing this sort of dupe.


    The setting is in Windows Explorer. It's an idea they copied from Apple,
    whose filenames show no extensions.
    Mainlander, Nov 3, 2003
    #8
  9. PseUDO

    Lennier Guest

    On Mon, 03 Nov 2003 13:30:33 +1300, Mainlander wrote:

    >> Please would you explain how a worm can infect a computer when it is
    >> zipped up in an archive file.

    >
    > It can infect any executable in there, also zips can be made into self
    > extracting executables.


    Um...

    How can it infect a zip archive when it isn't on my system?

    And, BTW, I wasn't speaking about "self-extracting executable" files - I
    was speaking about ZIP archives.

    And if it is inside a zip archive, then how can it infect a computer?
    Surely a person would have to open the archive, extract the infected file
    and THEN run the infected file before it could infect a computer.

    Chances of that happening are pretty remote...

    Oh yeah - you're using Micro$oft Outlook/Express - disregard all the above
    about how hard it would be to infect a computer.

    Thankfully, I use my Linux workstation to read all my email - possibility
    of infection = 0.0000000000000001 percent.

    Lennier
    Lennier, Nov 3, 2003
    #9
  10. PseUDO

    T.N.O. Guest

    Lennier wrote:
    > Oh yeah - you're using Micro$oft Outlook/Express - disregard all the above
    > about how hard it would be to infect a computer.


    WTF? his headers say "MicroPlanet Gravity v2.60"
    Which from what I last read, may be going open source...

    and even so, my copy of Outlook Express doesn't open zip archives by default.

    > Thankfully, I use my Linux workstation to read all my email - possibility
    > of infection = 0.0000000000000001 percent.


    My windows box has only had one virus, and that was introduced by a
    friend when he was trying to grab cracks for some software.
    The rest don't get to inbox, and if they do, get binned before they get
    to my mail client
    T.N.O., Nov 3, 2003
    #10
  11. PseUDO

    Lennier Guest

    On Mon, 03 Nov 2003 14:32:59 +1300, T.N.O. wrote:

    > My windows box has only had one virus


    My Linux box has never had a virus.

    Come to think about it, nor have I had an infection on my Windows box.

    Lennier
    Lennier, Nov 3, 2003
    #11
  12. PseUDO

    Lennier Guest

    On Mon, 03 Nov 2003 14:32:59 +1300, T.N.O. wrote:

    >> Oh yeah - you're using Micro$oft Outlook/Express - disregard all the
    >> above about how hard it would be to infect a computer.

    >
    > WTF? his headers say "MicroPlanet Gravity v2.60" Which from what I last
    > read, may be going open source.


    Just shows how much interest I take in Dunford and his software.

    Lennier
    Lennier, Nov 3, 2003
    #12
  13. PseUDO

    T.N.O. Guest

    Lennier wrote:
    >>My windows box has only had one virus


    > My Linux box has never had a virus.
    > Come to think about it, nor have I had an infection on my Windows box.


    Actually, it depends on whether having one (as in known) is the same as
    being infected by one... I mean if I knowingly have a virus sitting in a
    file, does that mean that I'm infected, or just that I have one.

    Personally, I know I had one, but my machine was not infected.
    T.N.O., Nov 3, 2003
    #13
  14. PseUDO

    Mainlander Guest

    In article <pan.2003.11.03.01.19.41.998169@TRACKER>,
    lid says...
    > On Mon, 03 Nov 2003 13:30:33 +1300, Mainlander wrote:
    >
    > >> Please would you explain how a worm can infect a computer when it is
    > >> zipped up in an archive file.

    > >
    > > It can infect any executable in there, also zips can be made into self
    > > extracting executables.

    >
    > Um...
    >
    > How can it infect a zip archive when it isn't on my system?


    Duh! It infected the zip file in someone else's computer

    >
    > And, BTW, I wasn't speaking about "self-extracting executable" files - I
    > was speaking about ZIP archives.
    >
    > And if it is inside a zip archive, then how can it infect a computer?
    > Surely a person would have to open the archive, extract the infected file
    > and THEN run the infected file before it could infect a computer.


    Virus theory 101...

    >
    > Chances of that happening are pretty remote...
    >
    > Oh yeah - you're using Micro$oft Outlook/Express - disregard all the above
    > about how hard it would be to infect a computer.


    Prejudice wins over knowledge any day does it?

    Outlook etc don't automatically open zip files, or for that matter any
    kind of attachment.

    I'm not using Outlook to write this message either.
    Mainlander, Nov 3, 2003
    #14
  15. PseUDO

    Lennier Guest

    On Mon, 03 Nov 2003 15:00:40 +1300, T.N.O. wrote:

    > Lennier wrote:
    >>>My windows box has only had one virus

    >
    >> My Linux box has never had a virus.
    >> Come to think about it, nor have I had an infection on my Windows box.

    >
    > Actually, it depends on whether having one (as in known) is the same as
    > being infected by one... I mean if I knowingly have a virus sitting in a
    > file, does that mean that I'm infected, or just that I have one.
    >
    > Personally, I know I had one, but my machine was not infected.


    Back when I was using my Windows98 box for email I had an email or three
    that had viruses attached - quickly deleted I might add, but I've
    never had an actual infection.

    So I s'pose that's like your situation.

    Lennier
    Lennier, Nov 3, 2003
    #15
  16. PseUDO

    Lennier Guest

    On Mon, 03 Nov 2003 15:34:25 +1300, Mainlander wrote:

    > I'm not using Outlook to write this message either.


    As if I cared what you use...

    Lennier
    Lennier, Nov 3, 2003
    #16
  17. PseUDO

    T.N.O. Guest

    Lennier wrote:
    >>>My Linux box has never had a virus.
    >>>Come to think about it, nor have I had an infection on my Windows box.


    >>Actually, it depends on whether having one (as in known) is the same as
    >>being infected by one... I mean if I knowingly have a virus sitting in a
    >>file, does that mean that I'm infected, or just that I have one.
    >>Personally, I know I had one, but my machine was not infected.


    > Back when I was using my Windows98 box for email I had an email or three
    > that had viruses attached - quickly deleted I might add, but I've
    > never had an actual infection.
    > So I s'pose that's like your situation.


    OMG, an un-holy union... Lennier and myself have just agreed on something.

    I never knew it could happen. :)
    T.N.O., Nov 3, 2003
    #17
  18. PseUDO

    Mainlander Guest

    In article <pan.2003.11.03.02.47.40.657401@TRACKER>,
    lid says...
    > On Mon, 03 Nov 2003 15:34:25 +1300, Mainlander wrote:
    >
    > > I'm not using Outlook to write this message either.

    >
    > As if I cared what you use...


    You care enough to lie about it
    Mainlander, Nov 3, 2003
    #18
