RE: Virus (WORM_MIMAIL.R) not from me !

[Peter Mount <peter@retep.org.uk>]

On Tue, 27 Jan 2004, Thomas Droege wrote:

> To All,
>
> Looks like my computer was infected.  I just saw Paul's name and opened
> the attachment.  A lesson.  Don't go by the name of someone you care
> about.

That's one of the reasons Viruses (and now spammers) are faking existing
addresses, to trick people who don't open mail from anyone they don't
know.

> OK, I should now be clean.  I am not sure that this virus could do it's
> thing since this computer is on the other sice of a router.  Experts can
> tell me how much damage might have been done.  I think this virus works
> by opening up ports to outside attack.  Does the router prevent this?

If the router is running NAT, or it has a built in firewall, then it would
protect you from inbound attacks.

The virus that's been causing problems today does open a port on your
machine so it would protect you from someone connecting to it from the
outside.

What it wouldn't do though is protect you from is that this virus is also
set to DDOS sco.com for the first week of February (although an
interesting result is that sco were DDOS'ed this morning, so if that was
from the virus, most people's PC clocks are way off - nothing new).

> As near as I can tell I was infected on 26 Jan and am now clean.  So not so
> much time to do it's thing, abut computers are fast...

Unfortunately I'm seeing more email traffic from that virus now than this
morning. ie: This morning I had about 200 of them. Now I'm seeing about 50
an hour, and that's just to my email address - I hate to think what my
mailserver is seeing to dead addresses :-(

Peter

-- 
Peter Mount
peter@retep.org.uk
http://www.retep.org/
http://retep.net/
   Tel: +44 (0) 1622 749439
   Fax: +44 (0) 8701 361620
Mobile: +44 (0) 7838 191423
    IM-MSN: retep207@hotmail.com
IM-AOL/ICQ: retepworld