Spyware Warrior

[wawadave]

Panda Software reports the appearance
of variant B of the Mydoom worm -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, January 28, 2004 - Even though incidents caused by Mydoom.A.worm are
still on the rise, PandaLabs has already detected variant B of this worm:
Mydoom.B.worm.

This new variant is even more dangerous than its predecessor, as it is
designed to prevent several antivirus programs from updating correctly.
This, nevertheless, does not affect Panda Software antivirus solutions.

Like Mydoom. A, the new worm is designed to attack and saturate networks of
any size. To do this, it searches e-mail addresses in the Outlook Address
Book as well as in computer files with the extensions: .htm, .sht, .php,
.asp, .dbx, .tbb, .adb, .pl, .wab, .txt. Then, the worm uses its own SMTP
engine to send itself by e-mail. Mydoom.B.worm also spreads via KaZaA.

Mydoom.B.worm also modifies the Windows hosts file. By doing this, it
manages to redirect certain Internet addresses -including those of several
antivirus vendors - so that, when users try to access them, the Internet
browser shows an error message indicating that the page could not be found.
In this way, it prevents several antivirus programs from updating properly.

Unlike Mydoom.A, this new malicious code has been designed to launch DoS
(Denial of Service) attacks against the Microsoft Corporation servers.

Panda Software has already made the updates to its products available to its
clients to ensure their solutions can detect and eliminate Mydoom.B. Even
though Panda Software's products can be automatically updated every day,
those whose software is not configured to update automatically, should
update their solutions from http://www.pandasoftware.com/.

Users can also detect this and other malicious code using the free, online
antivirus, Panda ActiveScan, which is available on the company's website at
http://www.pandasoftware.com/.

Finally, the epidemic caused by the Mydoom.A worm shows no signs of
cooling. The number if infected e-mails that are in circulation is
continuously increasing, which means that the possibility of becoming
infected by Mydoom.A is still very high. Mydoom.A.worm has infected seven
times more computers than Bugbear.B, the second virus most frequently
detected by the online antivirus Panda ActiveScan.

Everything seems to indicate that the writer or writers of these two worms
aim at putting as many copies of their creations as possible in circulation.
In this way, on the dates when the denial of service attacks are set to
occur, there will be more possibilities for these to be successful.

Detailed technical information on Mydoom.A.worm and Mydoom.B.worm is
available from Panda Software's Virus Encyclopedia.

More detailed information on Mydoom.A.worm and Mydoom.B.worm is available
from Panda Software's Virus Encyclopedia, at
http://www.pandasoftware.com/virus_info/encyclopedia/.

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the "cut" and "paste" options to join the pieces of the
URL.

------------------------------------------------------------

_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

[wawadave]

1. Bounty Set as MyDoom Builds Zombie Army
As the virulent MyDoom worm races across the Internet, building an army of
computer
zombies potentially 500,000 strong, The SCO Group is setting a $250,000 bounty
on the
virus author's head.
http://nl.internet.com/ct.html?rtr=on&s=1,oua,1,lfmu,1h2w,9s3s,a9gz
dont actually count on getting paid by sco there not exactly an upstanding company!
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

[wawadave]

2. New Mydoom Variant Also Arrives as Email Attachment
On the heels of the rapid spread Tuesday of the Mydoom.A worm, several vendors
Wednesday
are reporting the appearance of a new variant, W32/MyDoom-B, a worm that also
spreads by
email attachments.
http://nl.internet.com/ct.html?rtr=on&s=1,oua,1,1edp,6sel,9s3s,a9gz

_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

[wawadave]

this is a bit of a follow up on the well over hashed out doom virus.

by Paul Thurrott, thurrott@winnetmag.com

Microsoft Web Site Deflects Weakening Virus Attack
A variant of the computer virus that knocked SCO Group's Web site
off the Internet earlier this week had no effect on Microsoft's Web
site yesterday, causing security experts to describe the virus,
MyDoom.B, as "poorly written." Analysts were concerned that the MyDoom
variant would flood the Internet's DNSs with requests for Microsoft's
Web site, making the site unavailable to users. But unlike the earlier
attack on SCO's Web site, the Distributed Denial of Service (DDoS)
attack on Microsoft's Web site never really got off the ground.
"It seems like the attack was poorly coded and a complete failure,"
Jack Sebbag, Canadian general manager and vice president of Network
Associates, said. "It had less than 4000 or 5000 PCs trying to attack
the Web site. It's basically become an absolute nonissue for
Microsoft." By comparison, the original version of MyDoom infected
millions of PCs and was able to use hundreds of thousands of them as
zombies to attack the SCO Web site. Meanwhile, Microsoft had taken
steps to prevent the MyDoom.B attack from succeeding, although for
security reasons the company is remaining tight-lipped about what it
did to prevent a disruption. "While we are unable to discuss the
specific remedies we took to prevent the DDoS attack, we did make it a
priority to ensure that Microsoft Web sites, such as Windows Update,
remained fully available to our customers," a Microsoft spokesperson
said late yesterday.
With MyDoom.B activity dwindling, security experts are already
looking to the next attack, which will likely be another variant of
what's already described as the worst email virus attack ever
perpetrated. "There may be a MyDoom.C or MyDoom.D," Sebbag warned, if
only because the perceived success of MyDoom will likely inspire
malicious attackers to launch similar assaults on firms they don't
like. The creators of MyDoom clearly attacked SCO because it's
involved in a high-profile and high-stakes battle with Linux backers
such as IBM and Novell. Microsoft--well, Microsoft is Microsoft. Who's
next?


_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd