
General Forum: Information Technology | Mydoom has been bigger and faster than Sobig
How to remove the Mydoom virus
If your computer is infected, a removal tool must be used. A free tool is provided by software provider McAfee in the form of the Stinger tool, available for download at http://download.nai.com/products/mcafee-avert/stinger.exe.
Furthermore if you are using Windows ME or Windows XP you must ensure you turn off your XP Restore functionality, as the restore utility backs up selected files automatically to the C:\_Restore folder where the worm can be stored and remain hidden from any Virus scanning software.
In order to remove the infected files you must first disable the System Restore Utility and then remove the infected files from the C:\_Restore folder as detailed below:
Windows ME
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the Performance tab.
3. Click on the File System button.
4. Click on the Troubleshooting tab.
5. Put a check mark next to 'Disable System Restore'.
6. Click the 'OK' button.
7. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps one to seven and on step five remove the check mark next to 'Disable System Restore'.
Windows XP
Disabling the System Restore Utility (Windows XP Users)
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility after you have cleaned the specified folder, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
Posted by: Mr. manoopuli At: 2, Feb 2004 9:40:58 PM IST

Mydoom cripples US firm's website
The Mydoom virus tries to trick people into clicking on it
The Mydoom e-mail worm has paralysed the website of US software firm SCO, in a massive denial of service attack.
The company - which owns the source code of the Unix operating system - said the virus was "overwhelming the internet with requests to www.sco.com".
Both SCO and Microsoft have offered $250,000 rewards each for help to catch the author of the worm - the fastest-spreading virus known so far.
A variant of the virus is expected to attack Microsoft's site from Tuesday.
The first version of the virus, Mydoom.A - also known as Novarg or Shimgapi - emerged last Monday in the form of a spam e-mail message that contained a well-disguised virus attachment.
Utah-based SCO said that by 0500 GMT on Sunday its website was flooded with requests beyond its capacity.
SCO has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.
Mydoom.A is set to become ineffective on 12 February.
Experts say Mydoom.A and its successor, Mydoom.B, accounted for 30% of all e-mail traffic at their peak, beating all previous records for virus infections.
The worm - which opens up security holes - has left hundreds of thousands of computers vulnerable to hackers and spammers and the economic cost has been estimated at $26.1bn so far.
"While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning," said Jeff Carlon, worldwide director of Information Technology infrastructure at SCO Group.
Posted by: Mr. manoopuli At: 2, Feb 2004 9:07:12 PM IST

The hunt for whoever was behind the Mydoom e-mail worm, and its sibling Mydoom.B, has intensified with a $250,000 reward offered by Microsoft.
Posted by: Mr. manoopuli At: 2, Feb 2004 8:59:34 PM IST

Mydoom has been bigger and faster than Sobig
The malicious e-mail worm, Mydoom, is still burrowing through global e-mail networks, but will plateau in the next two days, said security experts.
Carried in an e-mail attachment, it sends itself out to other e-mail addresses if opened, and may allow unauthorised access to computers.
Experts said it was designed to cripple software firm SCO's website, by flooding it with data on 1 February.
SCO said it was offering a $250,000 reward to find who was responsible.
The US company has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.
'Spill the beans'
"Although Mydoom's author may be sympathetic to the open source community's case, and this may have been the reason they targeted SCO, responsible members of the community would never condone such illegal activity," said Graham Cluley, senior technology consultant for Sophos.
MYDOOM DETAILS
From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters
"It is hoped that this reward may tempt the computer underground into 'spilling the beans' about who might be responsible for this latest attack on all users of the internet."
Mydoom, which only affects computers using Microsoft Windows, also spreads through file-sharing networks, like Kazaa, and installs a "back door" onto machines if launched.
This is a bit of software which allows a computer to be remotely controlled. It listens to commands sent over the net and acts on them.
An infected computer could allow attackers to get unauthorised access to a user's machine and use it to bring down SCO's website, according to security experts.
"It is impossible to say how many systems have been infected, but if we have seen 1.9 million copies, then that is some indication," said Natasha Staley, information security analyst
"It will be a virus that is around for some time and damage will continue to be caused."
Home computer users are likely to be affected more by the worm because they might not have the most up-to-date anti-virus software if they have not logged on for a few days, she added.
Bigger than Sobig
The worm, also known as Novarg, is bigger and faster than last year's Blaster and Sobig ones, and has clogged networks globally since Monday.
Sobig, at its peak, infected one in every 17 e-mails, causing severe problems for many networks.
But Mydoom has surpassed this, infecting one in every 12 e-mails at its peak, said MessageLabs.
PROTECT YOURSELF FROM VIRUSES
Install an anti-virus program.
Keep it up to date
Get the latest patches and updates for your operating system
Never automatically open e-mail attachments
Download or purchase software from trusted, reputable sources
Make backups of important files
Some reports have said one in every nine e-mails sent globally carried the virus at one point.
The first copies to be intercepted by MessageLabs came from Russia, but Ms Staley said it was extremely difficult to ascertain its origin.
Posted by: Mr. manoopuli At: 29, Jan 2004 4:16:55 PM IST
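
The indicators listed under MYDOOM DETAILS above (the attachment extensions and the fake mail-error body) applied as a mail-gateway triage check. This is an added example, not code from the forum posts or from any vendor; the verdict policy, the function names and the sample messages are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the "MYDOOM DETAILS" box; the verdict policy is an assumption.
EXECUTABLE_EXT = {".bat", ".cmd", ".exe", ".pif", ".scr"}
ARCHIVE_EXT = {".zip"}
BOUNCE_PHRASES = ("mail transaction failed", "partial message is available")


def triage(raw):
    """Return (verdict, matched indicators) for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits, body = [], ""
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Windows strips trailing dots and spaces from file names on save,
            # so "x.scr." must be judged as ".scr". Only the last extension
            # counts, which also catches double extensions like "doc.txt.pif".
            ext = os.path.splitext(name.rstrip(". ").lower())[1]
            if ext in EXECUTABLE_EXT:
                hits.append("executable-attachment")
            elif ext in ARCHIVE_EXT:
                hits.append("zip-attachment")
        elif part.get_content_type() == "text/plain":
            body += part.get_content().lower()
    if any(phrase in body for phrase in BOUNCE_PHRASES):
        hits.append("fake-bounce-body")
    # ZIP files are common in legitimate mail, so a ZIP alone is only reviewed;
    # a ZIP combined with the fake error text is quarantined.
    if "executable-attachment" in hits or {"zip-attachment", "fake-bounce-body"} <= set(hits):
        return "quarantine", hits
    return ("review" if hits else "deliver"), hits


def sample(body, attachment=None):
    """Build a constructed test message (not a captured worm sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "hi"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(sample("Mail transaction failed. Partial message is available.", "doc.txt.pif")))
    print(triage(sample("Quarterly figures attached.", "report.zip")))
```
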