Worm attack


Get another hobby, please!

I have managed to avoid previous attacks by internet worms and viruses. Apparently it's true, you can't hide — at least not forever.

This morning I was cleaning out my intray of offers for Cialis, the "new Viagra." (How do they know? Is nothing sacred anymore?) Although I know it's probably futile, I have adopted the practice of forwarding these back to abuse@whatever.domain. I don't really expect them to make the spammers stop, but it makes me feel better.

Anyway, about 10 minutes after I had sent off such a message, a new message popped into my intray:

[Image: email with Novarg worm]

I knew I had not sent anything to Arizona.EDU so I was immediately suspicious.

At the same time, Norton Anti-Virus popped up to say that the attachments to the message were infected with W32.Novarg.A@mm, aka Mydoom. According to the information provided by Symantec, this lovely specimen is designed to carry out a denial-of-service attack against sco.com beginning 1-Feb and running through 12-Feb. It also creates a backdoor to your computer that allows it to be hijacked for other nefarious purposes.

Second time. Several days ago I got a phone call from Jim, wanting to know "Did you just send me an email with an attachment?" He described the message: subject line reads: "Hi"; body contains the word "Test" followed by a smiley, a line of gibberish, a line with two dashes, and another line that says "Test, yep."

I explained that I certainly had not sent such a message, but I had received an almost identical message just moments before that differed only in the letters in the line of gibberish and the name of the attachment.

[Image: email with Beagle worm]

Norton had intercepted that message, as it was contaminated with W32.Beagle.A@mm.

That one remains a mystery. I scoured my machine looking for the files and registry settings that the Beagle (aka Bagle) worm creates, but could not find anything. So I don't know if Jim got his message from me, or from a mutual acquaintance, of which we have many. (Since the Beagle worm spoofs the "From" field, you can't be sure where it actually came from.)

Inasmuch as the Beagle worm didn't do anything except send emails, there was some speculation that it was "proof of concept" for a more malicious worm to come later.

Get a life! I just wish that the people doing this would find some other hobby!