Hosting Discussion
 



  Post #1 (permalink)   01-28-2004, 08:38 AM
HD Master
 
Join Date: Nov 2003
Location: Chicago, IL
Posts: 400

Status: imported_maxhest is offline
There is a widespread outbreak of the WORM_MIMAIL.R email worm.

This worm is spoofing the sender's email address. If you receive one of these emails, the person in the FROM: address is NOT the person who sent it to you.

If you are running an email server with antivirus software that bounces virus infected emails, FOR GOD'S SAKE STOP BOUNCING THEM! You are participating in a denial of service attack by bouncing viruses at people who are not infected. You could even infect them yourself! STOP BOUNCING THEM!

If you receive an email like the one described below, DON'T OPEN IT! Delete it immediately, update your antivirus program and scan. If you don't have an antivirus, get one.
http://www.nod32.com/ Nod32 $39.00 (The best AV available)
http://www.grisoft.com/ AVG Free (Good enough for the price)

Description From Trendmicro:
http://www.trendmicro.com/vinfo/viru...=WORM_MIMAIL.R

A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004 1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the spread of WORM_MIMAIL.R.

Also known as W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm

This mass-mailing worm selects from a list of email subjects, message bodies, and attachment file names. It can also propagate using the Kazaa peer-to-peer file sharing network.

It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004.

It runs on Windows 98, ME, NT, 2000 and XP.

It sends email with the following details:

Subject: (any of the following)

Error
Status
Server Report
Mail Transaction Failed
Mail Delivery System
hello
hi

Message Body: (any of the following)

The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
test

Attachment: <Random name>.zip

Post this on every message board you can find. Get the word out. If you have a friend or family member who does not understand how to operate an antivirus, please check that they are updated and protected. If you know someone running antivirus on an email server, please tell them to turn off the bounce feature.
__________________
Max
www.moon-hosting.com
Premium Linux Hosting :tux:
A MoonInteractive Company
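
An added example, not part of the original thread or any poster's code: a gateway-side check that matches the subject, body and attachment indicators quoted in post #1 and holds the message without ever generating a bounce. The function names, the sample addresses and the "quarantine" disposition are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the Trend Micro description quoted in post #1.
SUBJECTS = {"error", "status", "server report", "mail transaction failed",
            "mail delivery system", "hello", "hi"}
BODIES = {
    "the message contains unicode characters and has been sent as a binary attachment.",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment.",
    "mail transaction failed. partial message is available.",
    "test",
}

def matches_listed_indicators(msg):
    """True only when subject, body text and a .zip attachment all match."""
    subject = (msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().strip().lower() if part else ""
    has_zip = any((a.get_filename() or "").lower().endswith(".zip")
                  for a in msg.iter_attachments())
    return subject in SUBJECTS and body in BODIES and has_zip

def disposition(raw_bytes):
    """Gateway decision with no bounce path: the From: address on these
    messages is spoofed, so a notice would go to an uninvolved person."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return "quarantine" if matches_listed_indicators(msg) else "deliver"

def build_sample(subject, body, attachment_name=None):
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.net", subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="zip", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    print(disposition(build_sample("Mail Transaction Failed",
          "Mail transaction failed. Partial message is available.", "qwert.zip")))
    print(disposition(build_sample("hi", "See you at lunch?")))
```

Because short subjects such as "hi" and bodies such as "test" also occur in legitimate mail, the match requires all three indicators and holds the message for review rather than deleting it.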
 
 
 


  Post #2 (permalink)   02-01-2004, 09:06 AM
HD Addict
 
Join Date: Aug 2003
Location: Manchester, UK
Posts: 130

Status: crowfield99 is offline
Only had one of these so far, thank goodness. It's playing havoc at the moment - some virus creators need to grow up! Also need to get a life.
 
 
 


  Post #3 (permalink)   03-10-2004, 06:32 AM
HD Guru
 
Join Date: Oct 2003
Location: Michigan, USA
Posts: 553

Status: Vovex Technology is offline
I know at work we have been having problems recently with MyDoom, Netsky and Beagle running around on our clients' networks. We have spent several hours at each site cleaning up the virus mess.

It's not always the virus writers' fault.... a lot of users/businesses just don't take the necessary safeguards to protect themselves. I've seen 50+ employee businesses with virus software 8 months out of date and they don't even have a firewall on the broadband connection.

People who are stupid enough to not take precautions sometimes deserve a nice swift kick of reality (virus) to wake them up.
__________________
Jonathan
 
 
 


  Post #4 (permalink)   03-10-2004, 07:38 AM
HD Wizard
 
Join Date: Jul 2003
Posts: 2,100

Status: BlackStorm is offline
There are a lot of viruses going around recently.
I think in the last few months there has been a huge increase in the number of viruses being sent in emails.
I have McAfee installed and it's catching all viruses as attachments, but I would say every 1/20 is still getting through and trying to infect the system, but then it catches it.
 
 
 


  Post #5 (permalink)   03-10-2004, 07:49 AM
HD Guru
 
Join Date: Oct 2003
Location: Michigan, USA
Posts: 553

Status: Vovex Technology is offline
I had an idea for a virus a while back. With all the new motherboards now supporting BIOS modifications from Windows, I thought it would be funny to write a virus that would change the bus speed + clock multiplier so next time someone starts up their machine it runs at like 133MHz when it should really be up around 2.0GHz. I don't think most basic users would know how to fix that... and most advanced users wouldn't even suspect it.

If you see a virus come out like this in the next few months/year it wasn't me... but at least I can claim credit for the idea since I created this post
__________________
Jonathan
 
 
 


  Post #6 (permalink)   03-10-2004, 08:20 AM
HD Wizard
 
Join Date: Jul 2003
Posts: 2,100

Status: BlackStorm is offline
You were a moderator here haha
Well I will be sure to remind people to give you the credit when there are a load of pissed people
 
 
 


  Post #7 (permalink)   03-10-2004, 08:37 AM
HD Guru
 
Join Date: Oct 2003
Location: Michigan, USA
Posts: 553

Status: Vovex Technology is offline
At least now that this idea is out in the public... people will see and maybe a fix will be made to avoid this problem prior to it occurring
__________________
Jonathan
 
 
 


  Post #8 (permalink)   03-10-2004, 09:59 AM
HD Guru
 
 
Join Date: Dec 2003
Location: Cary, NC
Posts: 588

Status: turnkey is offline
OMG, I see bad things with this. Like overclock it, cause the CPU to overheat and potentially damage hardware. Oh, what the h#ll was Micro$oft thinking when they enabled that, and the BIOS people know that users who do not go into BIOS should stay out!

Quote:
Originally posted by Vovex Technology
I had an idea for a virus a while back. With all the new motherboards now supporting BIOS modifications from Windows, I thought it would be funny to write a virus that would change the bus speed + clock multiplier so next time someone starts up their machine it runs at like 133MHz when it should really be up around 2.0GHz. I don't think most basic users would know how to fix that... and most advanced users wouldn't even suspect it.

If you see a virus come out like this in the next few months/year it wasn't me... but at least I can claim credit for the idea since I created this post
__________________
Turnkey Resellers
www.turnkeyresellers.com
Reseller Hosting and PHP Programming
 
 
 


  Post #9 (permalink)   03-10-2004, 10:02 AM
HD Guru
 
 
Join Date: Dec 2003
Location: Cary, NC
Posts: 588

Status: turnkey is offline
Yea, I have been seeing a lot of the...


p_usb.zip contains Worm.Cjdra.A
misc.zip contains Worm.Mydoom.F
your_file.pif contains Worm.SomeFool.Gen-1
message_details.pif contains Worm.SomeFool.I

Looks like my machine is getting low traffic on the 4 viruses above. I installed MailScanner using ClamScan or something like that and it is trapping all of those. I get those "messages" as the root user that they were deleted.
__________________
Turnkey Resellers
www.turnkeyresellers.com
Reseller Hosting and PHP Programming
 
 
 


  Post #10 (permalink)   03-10-2004, 05:37 PM
HD Newbie
 
Join Date: Feb 2004
Posts: 43

Status: imported_TheLinuxGuy is offline
That's nothing big, symantec.com watch that site, a new email worm released almost daily
__________________
[ Rack911 - Managed Server Solutions ] [ http://www.rack911.com ]
 
 
 


  Post #11 (permalink)   03-11-2004, 04:18 AM
HD Wizard
 
Join Date: Jul 2003
Posts: 2,100

Status: BlackStorm is offline
Do you not think there's been more viruses in the last few months than there was before, Steve?
I know I'm getting far more on all my accounts, including the ones with my ISP, so it's nothing to do with just a few servers I'm using having problems and letting more through
 
 
 


  Post #12 (permalink)   03-12-2004, 09:26 PM
HD Newbie
 
Join Date: Feb 2004
Posts: 43

Status: imported_TheLinuxGuy is offline
Yea there are, you can't really stop it, they will keep on coming.
__________________
[ Rack911 - Managed Server Solutions ] [ http://www.rack911.com ]
 
 
 


  Post #13 (permalink)   03-13-2004, 09:34 AM
HD Guru
 
Join Date: Oct 2003
Posts: 579

Status: Francisco is offline
Well,

When I receive an eMail my Pandita and Simi scans the eMail, the Pandita always wins!

Get Real get Panda! (Advertising :p )

I have caught 24 Virus eMails, 23 were by Panda :p and 1 was from Sima

Also, I run a Firewall with Pandita and ZoneAlarm so I'm more Protected than SCO

Pandita: Panda Antivirus
Sima: Norton Antivirus

~Francisco
 
 
 


  Post #14 (permalink)   03-13-2004, 11:00 AM
HD Master
 
Join Date: Nov 2003
Location: Chicago, IL
Posts: 400

Status: imported_maxhest is offline
lol Great slogan, right now my security team is developing a system to highlight viruses in inboxes, you can read the project at www.webmaxhosting.com/squirrelmail/ under moon-hosting new e-mail features.
__________________
Max
www.moon-hosting.com
Premium Linux Hosting :tux:
A MoonInteractive Company
 
 
 


  Post #15 (permalink)   03-14-2004, 09:54 AM
HD Master
 
Join Date: Feb 2004
Posts: 348

Status: RobAPI is offline
I'm interested in seeing that, Max.
Will you post here when the screenshots are available, please?
__________________
Robert
 
 
 