| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 41941 | 2004-01-27 03:59:00 | What is "Worm.sco.a up to?? | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 210306 | 2004-01-27 03:59:00 | Hi Team I was just doing a routine email dowload and No 1 son's Freenet account suddenly started downloading 58 emails. It usually has only 4 or 5 items of spam in there as he doesn't actually have access to it from his computer and never has. The spam dates back to the previous owner of the address who surfed not wisely but too well, straying into all sorts of nasty sites (hence the embargo on said-son using it.). I killed the download but not before I saw a message from cytanet.com.cy saying that they had rejected a virus apparently sent from his email address. The virus was worm.sco.a but I can't find it in my Norton AV definitions or on Google. Is it new? I am currently scanning the recipient computer for viruses just in case . Cheers Billy 8-{) :| |
Billy T (70) | ||
| 210307 | 2004-01-27 04:06:00 | W32.Novarg.A@mm [Norton] W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend] |
Jim B (153) | ||
| 210308 | 2004-01-27 04:10:00 | Ah so! Are they all the same virus? I hope the email address was spoofed then, but the AV is up to date on that box as of minutes before this started so we'll see if the scan picks up an infection. Cheers Billy 8-{) |
Billy T (70) | ||
| 210309 | 2004-01-27 04:32:00 | It's spreading pretty fast. Symantec's note on it (securityresponse.symantec.com) |
Biggles (121) | ||
| 210310 | 2004-01-27 04:34:00 | And does infact be seem to be targeting SCO with a denial of service attack launched from infected PCs. New virus infects PCs, whacks SCO (news.com.com) |
Biggles (121) | ||
| 210311 | 2004-01-27 05:06:00 | Okay, I'm light on virus experience, not having had an infection ever (crossed fingers as I type this), though I have intercepted about five prior to infection over the last seven or eight years. Nortons has just completed a full scan without finding anything and I have all mail scanned on download too. Can I assume that the use of my son's email address is a spoof, or should I keep looking for an infection in this particular box which is the only one I use to download email? Cheers Billy 8-{) :) |
Billy T (70) | ||
| 210312 | 2004-01-27 05:06:00 | Best use of a virus i have seen so far. | metla (154) | ||
| 210313 | 2004-01-27 05:42:00 | > Best use of a virus i have seen so far . > Amen to that . . . I thought the MS . Blaster was a pretty cool idea too ;-) |
Chilling_Silently (228) | ||
| 210314 | 2004-01-27 06:32:00 | I have had a heap bounced emails returned to me today infected with the above virus. This is strange because I have not sent any this afternoon and the home pc was off when the emails were returned. I ran avg and it picked up the WORM_MIMAIL.R. All the bounced emails have been stamped with the xtra email virus scanner but I cant see who they were sent to or whether they really came from me??? anyone have any ideas on this ? mike |
miknz (3731) | ||
| 210315 | 2004-01-27 06:34:00 | Just found that one of the emails returned to me has the following . dat file attached to it, can anyone decode this Reporting-MTA: dns; mail . budget . co . nz Arrival-Date: Tue, 27 Jan 2004 14:15:36 +1300 (NZDT) Final-Recipient: rfc822; lchoat@budget . co . nz Action: failed Status: 5 . 0 . 0 Diagnostic-Code: X-Postfix; maildir delivery failed: create /home/lchoat/Maildir/tmp/1075172783 . 22772_15 . mail . budget . co . nz: Permission denied cheers |
miknz (3731) | ||
| 1 2 3 | |||||