Post by Salem6 on Jan 27, 2004 10:56:32 GMT
A malicious new computer virus spread via e-mail is clogging networks and may allow unauthorised access to personal computers, experts warn.
The worm, called Mydoom or Novarg, is carried as an e-mail attachment and sends itself out to new e-mail addresses once opened by the recipient.
Computer users are advised to update anti-virus software
The virus may also open a "back door" to the computer to give hackers access.
"As far as I can tell right now, it's pretty much everywhere on the planet," said one anti-virus expert.
Thousands of e-mails triggered by the worm were bombarding networks within hours of its discovery, warned Vincent Gullotto, vice-president of California-based Network Associates' emergency response team.
'Technical thing'
Unlike many of its predecessors, Mydoom does not entice the recipient to open the attachment by promising nude pictures or personal messages.
MYDOOM DETAILS
From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters and it will immediately start to spread further
Instead, the e-mail carrying the virus often bears the subject "Test" or "Status". The message inside may read: "The message contains Unicode characters and has been sent as a binary attachment".
"Because that sounds like a technical thing, people may be more apt to think it's legitimate," the Associated Press news agency quoted Steve Trilling of Symantec, an anti-virus company, as saying.
The worm only affects computers which use Microsoft Windows.
Users who delete or ignore the e-mail attachment - which usually ends .exe, .scr, .zip, .cmd or .pif - avoid damage.
Symantec said the worm also appeared to contain a programme that recorded keystrokes entered on infected machines. This could allow it to collect usernames and passwords from unsuspecting users.
Other companies said the virus, once fully activated, told Windows to receive instructions from another computer.
However, other companies did not detect such capabilities.
The worm, called Mydoom or Novarg, is carried as an e-mail attachment and sends itself out to new e-mail addresses once opened by the recipient.
Computer users are advised to update anti-virus software
The virus may also open a "back door" to the computer to give hackers access.
"As far as I can tell right now, it's pretty much everywhere on the planet," said one anti-virus expert.
Thousands of e-mails triggered by the worm were bombarding networks within hours of its discovery, warned Vincent Gullotto, vice-president of California-based Network Associates' emergency response team.
'Technical thing'
Unlike many of its predecessors, Mydoom does not entice the recipient to open the attachment by promising nude pictures or personal messages.
MYDOOM DETAILS
From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters and it will immediately start to spread further
Instead, the e-mail carrying the virus often bears the subject "Test" or "Status". The message inside may read: "The message contains Unicode characters and has been sent as a binary attachment".
"Because that sounds like a technical thing, people may be more apt to think it's legitimate," the Associated Press news agency quoted Steve Trilling of Symantec, an anti-virus company, as saying.
The worm only affects computers which use Microsoft Windows.
Users who delete or ignore the e-mail attachment - which usually ends .exe, .scr, .zip, .cmd or .pif - avoid damage.
Symantec said the worm also appeared to contain a programme that recorded keystrokes entered on infected machines. This could allow it to collect usernames and passwords from unsuspecting users.
Other companies said the virus, once fully activated, told Windows to receive instructions from another computer.
However, other companies did not detect such capabilities.