{"id":5674,"date":"2004-01-27T09:05:27","date_gmt":"2004-01-27T16:05:27","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/wp\/2004\/01\/27\/infectious.html"},"modified":"2004-01-27T09:05:27","modified_gmt":"2004-01-27T16:05:27","slug":"infectious","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2004\/01\/27\/infectious.html","title":{"rendered":"Infectious"},"content":{"rendered":"<p>In case you&#8217;ve been under a rock, there&#8217;s a <a title=\"New virus infects PCs, whacks SCO - News - ZDNet\" href=\"http:\/\/zdnet.com.com\/2100-1105_2-5147605.html\">new computer virus in town<\/a>, the MyDoom or Novarg virus.<\/p>\n<p class=\"block\">The virus&#8211;known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies&#8211;arrives in an in-box with one of several different random subject lines, such as &#8220;Mail Delivery System,&#8221; &#8220;Test&#8221; or &#8220;Mail Transaction Failed.&#8221; The body of the e-mail contains an executable file and a statement such as: &#8220;The message contains Unicode characters and has been sent as a binary attachment.&#8221; <br \/>\n&#8220;It&#8217;s huge,&#8221; said Vincent Gullotto, vice president of security software maker Network Associates&#8217; antivirus emergency response team. &#8220;We have it as a high-risk outbreak.&#8221; <br \/>\nIn one hour, Network Associates itself received 19,500 e-mails bearing the virus from 3,400 unique Internet addresses, Gullotto said. One large telecommunications company has already shut down its e-mail gateway to stop the virus.<br \/>\nOnce the virus infects a Windows-running PC, it installs a program that allows the computer to be controlled remotely. The program primes the PC to send data to the SCO Group&#8217;s Web server, starting Feb. 1, a virus researcher said on the condition of anonymity.<\/p>\n<p>As always, update your AV software; if it hasn&#8217;t been automatically updated yet, then manually go out and grab the current signature file and engine.  Etc.<\/p>\n<p><u>UPDATE<\/u>:  The following is from the <a href=\"http:\/\/vil.nai.com\/vil\/content\/v_100983.htm\">NAI AV site<\/a>:<\/p>\n<p class=\"block\">This is a mass-mailing and peer-to-peer file-sharing worm that arrives in an email message as follows:<br \/>\n<b>From<\/b>: (spoofed email sender)<br \/>\n<b>Subject<\/b>: (Varies, such as)<br \/>\n&#8211; The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.<br \/>\n&#8211; The message contains Unicode characters and has been sent as a binary attachment.<br \/>\n&#8211; Mail transaction failed. Partial message is available.<br \/>\n&#8211; Error<br \/>\n&#8211; Status<br \/>\n&#8211; Server Report<br \/>\n&#8211; Mail Transaction Failed<br \/>\n&#8211; Mail Delivery System<br \/>\n&#8211; hello<br \/>\n&#8211; hi<\/p>\n<p>More info is also available at <a href=\"http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/w32.novarg.a@mm.html\">Symantec&#8217;s site<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In case you&#8217;ve been under a rock, there&#8217;s a new computer virus in town, the MyDoom or Novarg virus. The virus&#8211;known as MyDoom, Novarg and as a variant of the&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_robots_follow":"","_seopress_robots_imageindex":"","_seopress_robots_snippet":"","_seopress_robots_primary_cat":"","_seopress_robots_breadcrumbs":"","_seopress_robots_freeze_modified_date":"","_seopress_robots_custom_modified_date":"","_seopress_robots_canonical":"","_seopress_social_fb_title":"","_seopress_social_fb_desc":"","_seopress_social_fb_img":"","_seopress_social_fb_img_attachment_id":0,"_seopress_social_fb_img_width":0,"_seopress_social_fb_img_height":0,"_seopress_social_twitter_title":"","_seopress_social_twitter_desc":"","_seopress_social_twitter_img":"","_seopress_social_twitter_img_attachment_id":0,"_seopress_social_twitter_img_width":0,"_seopress_social_twitter_img_height":0,"_seopress_redirections_value":"","_seopress_redirections_enabled":"","_seopress_redirections_enabled_regex":"","_seopress_redirections_logged_status":"","_seopress_redirections_param":"","_seopress_redirections_type":0,"_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[39],"tags":[],"class_list":["post-5674","post","type-post","status-publish","format-standard","hentry","category-spam"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":5491,"url":"https:\/\/hill-kleerup.org\/blog\/2004\/03\/03\/name_that_virus.html","url_meta":{"origin":5674,"position":0},"title":"Name!  That!  Virus!","author":"***Dave","date":"Wed 3-Mar-04 1:58pm","format":false,"excerpt":"Fascinating look behind the scenes of who gets to name computer viruses -- and why every virus seems to have multiple names. The answer is pretty straightforward -- everybody in...","rel":"","context":"In &quot;Spam&quot;","block_context":{"text":"Spam","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/computer-security\/spam"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5662,"url":"https:\/\/hill-kleerup.org\/blog\/2004\/01\/28\/for_pitys_sake.html","url_meta":{"origin":5674,"position":1},"title":"For pity&#8217;s sake, people &#8230;","author":"***Dave","date":"Wed 28-Jan-04 2:19pm","format":false,"excerpt":"Get a virus checker! Don't click on unknown attachments from mysterious e-mail senders! Read the news! Over half -- closer to two-thirds -- of the e-mail in my personal in-box...","rel":"","context":"In &quot;Hi-Tech&quot;","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2699,"url":"https:\/\/hill-kleerup.org\/blog\/2002\/05\/15\/crying_wolf.html","url_meta":{"origin":5674,"position":2},"title":"Crying wolf","author":"***Dave","date":"Wed 15-May-02 6:55am","format":false,"excerpt":"When is a computer virus not a computer virus? When it's a hoax about a virus, encouraging people to delete files off their computer which are actually legitimate system files....","rel":"","context":"In &quot;Hi-Tech&quot;","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8034,"url":"https:\/\/hill-kleerup.org\/blog\/2005\/06\/15\/the_name_is_fam.html","url_meta":{"origin":5674,"position":3},"title":"The name is familiar, but I can&#8217;t quite place the face &#8230;","author":"***Dave","date":"Wed 15-Jun-05 12:11am","format":false,"excerpt":"I love this stuff: Dear user brian, You have successfully updated the password of your Hill-kleerup account. If you did not authorize this change or if you need assistance with...","rel":"","context":"In &quot;Virii &amp; Malware&quot;","block_context":{"text":"Virii &amp; Malware","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/computer-security\/virii"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":493,"url":"https:\/\/hill-kleerup.org\/blog\/2003\/04\/07\/whaddaya_know_a.html","url_meta":{"origin":5674,"position":4},"title":"Whaddaya know &#8212; a real one","author":"***Dave","date":"Mon 7-Apr-03 9:19pm","format":false,"excerpt":"Most virus warnings I receive from friends and family through the mail are false alarms, as a quick Google will tell you. But this one seems to be legit: VBS_LISA.A....","rel":"","context":"In &quot;Blogging &amp; Internet&quot;","block_context":{"text":"Blogging &amp; Internet","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1388,"url":"https:\/\/hill-kleerup.org\/blog\/2002\/01\/14\/billions_and_bi.html","url_meta":{"origin":5674,"position":5},"title":"Billions and billions served","author":"***Dave","date":"Mon 14-Jan-02 10:23am","format":false,"excerpt":"When computer viruses strike, and pundits begin reciting the economic impact, where do they pull those numbers from? Possibly from thin air. Michael Erbschloe, vice president of research at Computer...","rel":"","context":"In &quot;Spam&quot;","block_context":{"text":"Spam","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/computer-security\/spam"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/5674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=5674"}],"version-history":[{"count":0,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/5674\/revisions"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=5674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=5674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=5674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}