Computer Viruses, Worms and Hoaxes

Feb 4, 2004 22:00

Lady Camelot


In recent days, I was one of the unfortunate persons to receive the "Mydoom" worm emails. Not just one, but at least forty appeared in my popserver mailbox. As frustrating as it was deleting all of these nasty little boogers, I realized that some of these "worm" emails even came from persons I knew - or so I thought I knew.

The problem with the "Mydoom" email worm is that it specifically looks for email addresses in files with the following extensions:

* .htm
* .sht
* .php
* .asp
* .dbx
* .tbb
* .adb
* .pl
* .wab
* .txt

Furthermore, it sends "GET" requests to target domains over direct connections to port 80. It also attempts to send email messages using its own SMTP engine, going through either the mail server that a recipient uses or a local server. Some of the strings it adds to these target domain names are:

* gate.
* ns.
* relay.
* mail1.
* mxs.
* smtp.
* mail.
* mx.

The "Mydoom" worm will have subject headings such as:

* "Returned Mail"
* "Delivery Error"
* "Status"
* "Server Report"
* "Mail Transaction Failed"
* "Mail Delivery System"
* "Hello/hello"
* "Hi/hi"

What people need to realize is that even if you "know" the sender, you must confirm with the sender that any attachment is genuine before you attempt to open these suspect emails. Most worms and viruses are spread directly through attachments. Unless you are expecting an attachment from a person you know, be cautious. Do NOT open attachments unless you are absolutely positive that your known correspondent has actually sent them to you. Another thing to remember is that the "Mydoom" worm ranges from 6,144 bytes to 29,184 bytes in size and can affect Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. Luckily, if you have DOS, Linux, Macintosh, OS/2 or UNIX, your systems will not be affected by the Mydoom worm.

For those of you who share files through Kazaa, there is a new worm with aliases such as Worm.P2P.Apsiv (Kaspersky) and W32/Apsiv.worm!p2p (McAfee). It seemingly affects Windows 2000, 95, 98, Me, NT, Server 2003 and XP. The damage profile has not yet been assessed, but it would be a good idea to steer clear of this one as well.

"Keylogger.Stawin" is probably one of the nastiest viruses, as it attempts to steal a user's online banking information. The Trojan is distributed through email messages with the subject line "I still love you" and a "message.zip" attachment. Affecting the same vulnerable systems as mentioned above, the keylogger records keystrokes and has the ability to steal personal, financial information. Among the things it monitors are window titles such as "PayPal," "Logon," and numerous other window titles associated with banking logins.
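The email indicators described above (the "Mydoom" subject lines and size range, and the Keylogger.Stawin subject line and attachment name) can be combined into a mail triage check. The following Python is an added example, not part of the original article. The names `triage` and `sample_message`, the example.com addresses and the zero-byte sample attachments are constructed for illustration, and it assumes the article's size range applies to the decoded attachment.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators as listed in the article; matching is case-insensitive.
MYDOOM_SUBJECTS = {"returned mail", "delivery error", "status", "server report",
                   "mail transaction failed", "mail delivery system", "hello", "hi"}
MYDOOM_SIZE = range(6144, 29184 + 1)  # bytes; ASSUMPTION: applies to the decoded attachment
STAWIN_SUBJECT = "i still love you"
STAWIN_ATTACHMENT = "message.zip"


def triage(raw):
    """Return the reasons a raw message (bytes) matches the article's indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        size = len(part.get_payload(decode=True) or b"")
        # Subjects such as "Status" or "Hi" are common in legitimate mail, so a
        # subject match only counts together with an attachment in the size range.
        if subject in MYDOOM_SUBJECTS and size in MYDOOM_SIZE:
            reasons.append("mydoom-like: %r with %d-byte attachment %r" % (subject, size, name))
        if subject == STAWIN_SUBJECT and name == STAWIN_ATTACHMENT:
            reasons.append("stawin-like: %r with attachment %r" % (subject, name))
    return reasons


def sample_message(subject, filename, size):
    """Build a CONSTRUCTED test message; the attachment is just zero bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Please see the attached file.")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname, size in [("Mail Transaction Failed", "file.bin", 22528),
                              ("I still love you", "message.zip", 300),
                              ("Status", "report.bin", 500000)]:
        print(subj, "->", triage(sample_message(subj, fname, size)) or "no match")
```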

Common Hoaxes

A popular hoax circulating the Internet is an email titled, "FREE M & M's." Sorry guys - no M & M's here. More recently, you may have received the "Life is Beautiful" virus ... er, hoax. The "Life is Beautiful" virus is not real and should be ignored. This is only a scare tactic that causes unwarranted fears and concerns.

In closing, the Internet is a massive electronic world filled with infinite bits of information. When using your "key" to this magnificent but vast window of versatile knowledge, it pays to use logic when distinguishing hoaxes from real threats such as viruses and worms. To learn more about current viruses and worms, go to: http://search.symantec.com/custom/us/query.html
For an updated listing of current email hoaxes, go to: http://securityresponse.symantec.com/avcenter/hoax.html