There was a question for this, I thought, so forwarded from SecFocus. Cheers, thanks to Thor Larholm from PivX Solutions.
--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hacker scene

-----Original message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] [EMAIL PROTECTED]
Sent: Tuesday, 27 January 2004 1:04
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: [Securityfocus-bugtraq] New MiMail variant is DDoS'ing SCO.com

MiMail.R, also known as W32/[EMAIL PROTECTED] (McAfee), Novarg (F-Secure), [EMAIL PROTECTED] (Symantec), Win32.Mydoom.A (CA) and Win32/Shimg (CA), is a polymorphic variant that collects/spams/forges email addresses using its own SMTP engine, installs a backdoor (most likely for use by spammers) and engages in a DDoS attack against SCO.com by routinely sending 63 HTTP requests.

It's sent as a ZIP attachment containing an executable file with the file extension masked by numerous spaces.

McAfee is calling this a High Outbreak worm, which definitely fits the bill according to the number of samples we are receiving.

Is the SCO.com DDoS an attempt at distraction from the fact that this virus installs a proxy backdoor?

CA used to have a removal tool at http://www3.ca.com/Files/VirusInformationAndPrevention/clnshimg.zip but it's no longer available.

More information:
http://us.mcafee.com/virusInfo/default.asp?id=mydoom
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] html
http://www3.ca.com/solutions/collateral.asp?CT=27081&CID=54593

Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
[EMAIL PROTECTED]
Phone: +1 (949) 231-8496
PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation".
Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>
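The post above notes that the worm arrives as a ZIP whose executable member hides its real extension behind a long run of spaces. The following is an added example, not code from the post or from any of the vendors named in it, of a mail-gateway style check for exactly that trick: it opens a ZIP attachment in memory, flags any member with a directly executable extension, and flags it more strongly when whitespace padding precedes the extension. The executable-extension list, the regular expression and the sample archive are my own assumptions and constructed data, not indicators taken from the post.

```python
import io
import re
import zipfile

# Assumption: a conservative, illustrative set of extensions that Windows runs
# directly when double-clicked. Extend to taste for a real gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".cmd", ".bat", ".com"}

# Two or more whitespace characters immediately before the final extension.
# This is the masking trick the post describes: the spaces push the real
# extension past what a mail client displays, so "document.txt      .exe"
# looks like a text file.
PADDED_NAME = re.compile(r"\s{2,}\.[A-Za-z0-9]{1,4}$")


def suspicious_entries(zip_bytes: bytes):
    """Return a list of (member_name, reason) for every archive member that a
    mail gateway should quarantine. Non-executable members are ignored."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            _stem, dot, ext = name.rpartition(".")
            ext = ("." + ext).lower() if dot else ""
            if ext not in EXECUTABLE_EXTS:
                continue
            if PADDED_NAME.search(name):
                findings.append((name, "executable with whitespace-padded name"))
            else:
                findings.append((name, "executable member"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample attachment: one benign text member plus one member
    whose name hides .exe behind forty spaces, mimicking the attachment style
    described in the post. The MZ-prefixed bytes are a placeholder, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("document.txt" + " " * 40 + ".exe", b"MZ" + b"\0" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_entries(build_sample_archive()):
        print(f"{reason}: {member!r}")
```

The check keys on the member name inside the archive rather than on the attachment's own name, since the outer ZIP name is harmless by design; a stricter gateway would also reject any executable member regardless of padding, which is what the first `executable member` finding supports.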
