Updated Security alert!! W32/Mydoom@MM

Discussion in 'MCDST' started by Larry Samuels, Jan 29, 2004.

  1. PSS Security Response Team Alert - New Worm: W32/Mydoom@MM
    SEVERITY: MODERATE

    DATE: January 26, 2004

    Updated: January 28, 2004

    This alert is being updated to advise you of a new variant of the Mydoom
    worm, the Mydoom.b worm that was discovered on 28 January 2004. This new
    variant can impede access to some Web sites, including some microsoft.com
    web sites. This variant is identical to the original MyDoom in terms of its
    impact, and means of prevention. The alert below contains updated
    information for technical details, detection and recovery information
    specific to the newest variant. As new information becomes available we will
    update the TechNet alert and re-issue the PSS Security Alert.

    PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
    Web-based e-mail

    **********************************************************************

    WHAT IS IT?
    W32/Mydoom@MM spreads via e-mail. The Microsoft Product Support Services
    Security Team is issuing this alert to advise customers to be on the alert
    for this virus as it spreads in the wild. Customers are advised to review
    the information and take the appropriate action for their environments.

    IMPACT OF ATTACK:
    Mass Mailing, Denial of Service

    TECHNICAL DETAILS(UPDATED):
    For additional details on this worm from anti-virus software vendors
    participating in the Microsoft Virus Information Alliance (VIA) please visit
    the following links:

    Network Associates:
    http://vil.nai.com/vil/content/v_100988.htm

    Trend Micro:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.B

    Symantec:
    http://securityresponse.symantec.com/avcenter/venc/data/

    Computer Associates:
    http://www3.ca.com/virusinfo/virus.aspx?ID=38114

    DETECTION (UPDATED):
    Most up to date Antivirus software can detect this virus. If you don't have
    AV software you can run some third party software to detect it:
    http://housecall.trendmicro.com/
    http://vil.nai.com/vil/stinger/

    For more information on Microsoft's Virus Information Alliance please visit
    this link:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/virus/via.asp

    Please contact your Antivirus Vendor for additional details on this virus.

    PREVENTION:

    Outlook 2000 post SP2 and Outlook 2002 SP2 include the most recent updates
    to improve the security in Outlook and other Office programs.

    To ensure you are using the latest version of Office click here:
    http://office.microsoft.com/ProductUpdates/default.aspx

    By default, Outlook 2000 pre SR1 and Outlook 98 did not include these
    updates, but they can be obtained by installing the Outlook E-mail Security
    Update. More information about the Outlook E-mail Security Update can be
    found here: http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

    Outlook Express 6 can be configured to block access to potentially-damaging
    attachments. Information about how to configure this can be found here:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291387

    Outlook Express all other versions: Previous versions of Outlook Express do
    not contain attachment-blocking functionality. Please exercise extreme
    caution when opening unsolicited e-mail messages with attachments.

    Web-based e-mail programs: Use of an application-level firewall can protect
    you from being infected with this virus through Web-based e-mail programs.

    RECOVERY (UPDATED):

    If your computer has been infected with this virus, please contact your
    preferred antivirus vendor or Microsoft Product Support Services for
    assistance with removing it.
    A potential symptom of infection with the MyDoom.B Virus is that you are
    unable to visit your Antivirus vendor's website or various Microsoft websites
    such as support.microsoft.com or windowsupdate.microsoft.com. If you are
    experiencing these symptoms please use the following manual commands to
    enable access to these websites:

    Go to Start Run and type cmd to get a command prompt. Within the command
    prompt, type the following commands:

    - del /F %systemroot%\system32\drivers\etc\hosts [enter]
    - echo # Temporary HOSTS file >%systemroot%\system32\drivers\etc\hosts [enter]
    - attrib +R %systemroot%\system32\drivers\etc\hosts [enter]

    On Windows NT, you must reboot after typing these commands.

    On Windows 2000, Windows XP, and Windows 2003, you do not need to reboot.
    Instead, you must type the following command:
    - ipconfig /flushdns [enter]

    If you have any questions, you should contact Product Support Services in
    the United States at 1-866-PCSafety (1-866-727-2338). International
    customers should contact their local subsidiary.

    Thank you,

    PSS Security
     
    Larry Samuels, Jan 29, 2004
    #1
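
An added example, not part of the original post or the PSS alert: the recovery steps above replace the HOSTS file, so this Python sketch audits a copy of that file first and lists the entries that override the names the alert says become unreachable. The sample file, the vendor hostname and the function names are constructed for illustration.

```python
import ipaddress

# Names the alert lists as unreachable on an infected machine.
WATCHED = ("support.microsoft.com", "windowsupdate.microsoft.com")

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         support.microsoft.com windowsupdate.microsoft.com
0.0.0.0         WWW.Example-AV-Vendor.test   # constructed vendor name
10.1.2.3        intranet.corp.test
not-an-ip       broken.line
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return entries that override a watched name or pin a name to a local sink."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        on_watchlist = any(name == w or name.endswith("." + w) for w in watched)
        sinkholed = ip.is_unspecified or ip.is_loopback
        if on_watchlist or sinkholed:
            reason = "watched name overridden" if on_watchlist else "name pinned to local sink"
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Running it on a saved copy of %systemroot%\system32\drivers\etc\hosts before the del step keeps a record of which names were overridden.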

  2. Larry Samuels

    Consultant Guest

    thanks larry! i'd like to contribute also and let you know that macys is
    having a valentines day sale!

    http://www.macys.com/catalog/index.ognc?CategoryID=544&LinkType=Homepage
     
    Consultant, Jan 29, 2004
    #2