RE: Virus (WORM_MIMAIL.R) not from me !

[Chris Albertson <chrisalbertson90278@yahoo.com>]

Peter is of course right.  Here is the same thing but
from another angle.....

People are calling this a "virus" or "worm" but it really
 is a clasic "Trojan horse".  It uses the 2,500 year old
technique.  Basically you drees up something bad to look
like something people might like to have and then people
let down thier defences and willingly take the thing inside.

This attacker is sending you emial that appears to be from
people you know but actually contains a program you don't
want.   Routers will not help as it is likely programmed
to allow incomming email

The ONLY way to prevent Tojans is to X-ray all wooden horses
you find _before_ you brign them inside.

That's why I suggested looking a www.fuesmail.com.  They will
do just that for you.  Run incomming mail through them, they'll
x-ray it for you.  Of course you could set up your own x-ray
machine on a Linux box with "spam assasin" or the like but
that is not a job for a beginner sysadmin.

I would suggest that in addition tousing a servive that offers
e-mail filteing that you also use a mail reader that does
filtering.  Mozilla is one such reader.  There may be others.


--- Peter Mount <peter@retep.org.uk> wrote:
> 
> On Tue, 27 Jan 2004, Thomas Droege wrote:
> 
> > To All,
> >
> > Looks like my computer was infected.  I just saw Paul's name and
> opened
> > the attachment.  A lesson.  Don't go by the name of someone you
> care
> > about.
> 
> That's one of the reasons Viruses (and now spammers) are faking
> existing
> addresses, to trick people who don't open mail from anyone they don't
> know.
> 
> > OK, I should now be clean.  I am not sure that this virus could do
> it's
> > thing since this computer is on the other sice of a router. 
> Experts can
> > tell me how much damage might have been done.  I think this virus
> works
> > by opening up ports to outside attack.  Does the router prevent
> this?
> 
> If the router is running NAT, or it has a built in firewall, then it
> would
> protect you from inbound attacks.
> 
> The virus that's been causing problems today does open a port on your
> machine so it would protect you from someone connecting to it from
> the
> outside.
> 
> What it wouldn't do though is protect you from is that this virus is
> also
> set to DDOS sco.com for the first week of February (although an
> interesting result is that sco were DDOS'ed this morning, so if that
> was
> from the virus, most people's PC clocks are way off - nothing new).
> 
> > As near as I can tell I was infected on 26 Jan and am now clean. 
> So not so
> > much time to do it's thing, abut computers are fast...
> 
> Unfortunately I'm seeing more email traffic from that virus now than
> this
> morning. ie: This morning I had about 200 of them. Now I'm seeing
> about 50
> an hour, and that's just to my email address - I hate to think what
> my
> mailserver is seeing to dead addresses :-(
> 
> Peter
> 
> -- 
> Peter Mount
> peter@retep.org.uk
> http://www.retep.org/
> http://retep.net/
>    Tel: +44 (0) 1622 749439
>    Fax: +44 (0) 8701 361620
> Mobile: +44 (0) 7838 191423
>     IM-MSN: retep207@hotmail.com
> IM-AOL/ICQ: retepworld
> 
> 
> 


=====
Chris Albertson
  Home:   310-376-1029  chrisalbertson90278@yahoo.com
  Cell:   310-990-7550
  Office: 310-336-5189  Christopher.J.Albertson@aero.org
  KG6OMK

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/