My Doom

[Maurice]

Simple plea;- Have you a patch or whatever, for the "My Doom" virus/worm please? I understand it is due to hit Microsoft tomorrow [February 3rd] & I guess that you are about to be snowed under with queries.
Last year you helped me get rid of the NT Shutdown virus, for which I was very grateful, can you pull another rabbit out of the hat?

 

[RealBlackStuff]

Why don't you run the update-service of your AntiVirus program? All thes programs can be made to update also when YOU want it, not just automatic.

 

[Nodsu]

I doubt this forum is going to get flooded because microsoft.com is down (it isn't at the moment BTW). I mean noone complained about SCO being offline

To protect yourself from the virus, just update your antivirus definition files or use common sense when opening e-mail attachments - whichever is easier for you.

 

[iss]

another way to protect yourself from the virus-----DONT OPEN ATTACHMENTS

 

[aoj145]

Actually, the best way to not get a virus is to unplug your computer from the power outlet on the wall. If you don't turn it on or get rid of your PC then you'll never get a virus.

 

[SNGX1275]

Thats all well and great iss and aoj145, but that doesn't really help him here. Anyway its now Feb 3 so that patch should have been released. I think he was asking if anyone had a patch or a way to become safe before Microsoft tossed it up on their site.

 

[Maurice]

You're correct, SNGX1275, aoj145's remark was stupid & thoughtless, I reported his post, we could do without members like him/her.
Yes, I'm hoping that I will hear of a usable patch in the near future, the deadline has come & gone now, as you say.

 

[iss]

snjx1275,

my comment was not flippant and yes it does help to remind people to not open attachments. the reason this virus was able to infect 250,000 computers in one day is becuase people simply will not follow that simple rule.

 

[Nodsu]

FYI MyDoom doesn't use any security holes in any software (unless you count the MS Windows operating system as one giant security hole) so there won't be any patches. It is just an e-mail virus propagating by the means of human idiocy.

 

[iss]

my point exactly.

 

[Mictlantecuhtli]

Originally posted by Nodsu
FYI MyDoom doesn't use any security holes in any software (unless you count the MS Windows operating system as one giant security hole) so there won't be any patches. It is just an e-mail virus propagating by the means of human idiocy.

A trojan that doesn't use any security holes? How come it can work then?

http://www.f-secure.com/v-descs/novarg.shtml

The backdoor component of Mydoom.A is dropped to the System Directory with the filename 'shimgapi.dll'. The file is added to the registy as:

[HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32]

This registry value makes Explorer to load the DLL as an extension so it is not visible as a separate process in Task Manager.

The backdoor listens on the first available TCP port between 3127 and 3198. Connecting to that port a remote attacker can

- use the infected computer as a TCP proxy

- upload and execute arbitrary executables to the infected computer

 

[Nodsu]

You are talking like a trojan horse needs a security hole to function. AFAIK a trojan is defined as a program that has hidden possibly malicious functionality.

Where do you see a security hole in that virus description? It is a feature of Windows to let anyone plug anything to the system.

If MS released a patch that wouldn't let you register COM objects it would render the OS pretty much unusable.

 

[Maurice]

Thanks for explaining, I am not "tech" enough to tell one virus from another, I have Ad Aware 6, plus Norman AV, so this should help, don't you think?...I know, I know, I'd be better off with a firewall.

 

[iss]

I think what nodsu was pointing out is that unlike blaster which exploited a flaw in the RPC and could infect a computer simply by it being connected to the net and unpatched. MyDoom comes as an attachment and has to be opened in order for infection to occur. and of course this is what at least 250,000 nitwits have allready done.

 

[Maurice]

Thanx, Iss, I shall try not to be 250,001!!, but you'll agree it's not easy, I hear that it arrives usihg a name in my address book, & I have two major senders of jokes, mainly by attachments, one in Canada & one here in England, ,approx 25 per week each, on average.

 

[aoj145]

Yeah, you need to chill out a little and learn to take sarcasm. Not everything is life and death. Update your software and move on.

 

[Spike]

Just for information, a trojan horse is just a program that allows access to your computer from a remote user, to whom access would normally be denied.

They do not always need to make use of any exploits. Many are never detected because they are written by hackers or crackers (there's a big difference) to use as a one-off, for whatever they are doing at the time.

They can be complex, or a trojan could simply function as a keylogger that sends back the logon details of your workstation back to a specific person/IP/network user/website.

 

[iss]

Thanx, Iss, I shall try not to be 250,001!!, but you'll agree it's not easy, I hear that it arrives usihg a name in my address book, & I have two major senders of jokes, mainly by attachments, one in Canada & one here in England, ,approx 25 per week each, on average.

then I would make sure I am running anti virus that scans incoming email and that I keep it up to date. otherwise the joke will be on you.

 

[Maurice]

Thanks, Spike, it is a little clearer now.
iss, it looks like you had afterthoughts, I appreciate your second message here, & you were 99% serious, wow!, as to chilling out, I guess you are young, as you preferred not to show your age, I HAD to chill out in my job before I retired, I "looked after" some hardened criminals/murderers/lifers at one of Britain's top prisons, Parkhurst,...mention Reggie Kray to your Pop, he will know of him, if you upset the Kray's you ended up with concrete boots, so yes, I know only too well how to stay calm, you had to when facing up to their like..... Sorry, I'm probably sounding like a parent!
To sum up, no hard feelings, my very organised life style, doesn't always recognise the laid-back attitude of young people.
To finish up I have a good AV programme, it seems now, I have to wait & see if it is good enough.

 

[Maurice]

Regarding the definition of My Doom [Novarg] virus, go to
www.snopes.com & type in "my doom virus" [with the apostrophes] it gives a full technical description.
I d/loaded the web page to floppy, & intended to fwd it to TS, but couldn't see how to do it on your site, if you can tell me how, I will do so, or just go to "snopes" [useful site], I know that most of you will know the details of this latest virus,.......but!