New virus infects PCs, whacks SCO

A mass-mailing virus that quickly spread through the Internet on Monday planted a file that will instruct infected computers to attack the SCO Group's Web server with a flood of data on Feb. 1.

The virus--known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies--arrives in an in-box with one of several different random subject lines, such as "Mail Delivery System," "Test" or "Mail Transaction Failed." The body of the e-mail contains an executable file and a statement such as: "The message contains Unicode characters and has been sent as a binary attachment."

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

"It's huge," said Vincent Gullotto, vice president of security software maker Network Associates' antivirus emergency response team. "We have it as a high-risk outbreak."

In one hour, Network Associates itself received 19,500 e-mails bearing the virus from 3,400 unique Internet addresses, Gullotto said. One large telecommunications company has already shut down its e-mail gateway to stop the virus.

Once the virus infects a Windows-running PC, it installs a program that allows the computer to be controlled remotely. The program primes the PC to send data to the SCO Group's Web server, starting Feb. 1, a virus researcher said on the condition of anonymity.

The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

 Latest computer virus runs rampant in a high-risk outbreak

The company's Web site was slow to load on Monday afternoon, a SCO spokesperson acknowledged, but the site was still accessible from the World Wide Web.

SCO's Web site was taken offline by denial-of-service attacks a handful of times in the last year, none of which had been initiated by a virus. In the past, the company has blamed Linux sympathizers for at least one of the attacks.

Antivirus companies were scrambling on Monday afternoon to learn more about the virus, which started spreading at about noon PST. The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.

"A lot of the information is encrypted, so we have to decrypt it," said Sharon Ruckman, a senior director of antivirus software maker Symantec's security response center. Symantec has had about 40 reports of the virus in the first hour, a high rate of submission, Ruckman said.

		Special report 20-year plague From the first experiments to today's epidemics, computer viruses have come a long way.

The virus installs a Windows program that opens up a "back door" in the system, allowing an attacker to upload additional programs onto the compromised device. The back door also enables an intruder to route his connection through the infected computer to hide the source of an attack.

The virus also copies itself to the Kazaa download directory on PCs, on which the file-sharing program is loaded. The virus camouflages itself, using one of seven file names, including Winamp5, RootkitXP, Officecrack and Nuke2004. Variations in the body text include: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."

Early data indicated an epidemic several times the size of the Sobig.F virus, which caused widespread infections last summer, said Scott Petry, a vice president of engineering at e-mail service provider Postini.

		Reader resources MyDoom prevention and cure CNET Reviews

"At its current run rate, we will trap almost 8 million in a day," Petry said. The company quarantined only 1,400 copies of Sobig.F in its first day and 3.5 million copies of the virus during that epidemic's peak 24-hour period.

Mail systems that remove executable files from e-mails can stop the program from spreading.

[ww2vet54]

Win32.Nuvens.AK (NEW VIRUS)

Yesterday I was working on line and I decided to run a VScan. I use Zone 2006 Suite. So I take a break and come back after the scan. I see New! igh Risk! Can Not Be Cleaned! New! Unknown!...
(Win32.Nuvens.AK ) so it is identified. So I hop on line to search it out. "NOTHING" Anyware. No Mcafee or Norton Stinger, Nothing at PC Cillin (Trend), Nothing ay AVG or Bit Defender sites...
I figure maybee a false alarm, so I uninstall my zone and load up PC Cillin. Run the scan and Bingo. It also flags tiis creature. No, not a false alarm. I emiedatly back up my files and spens hours doing a manual search 1 kernal at a time, Nothing! The PC starts to slow. I try a re-boot in safe mode to do a restore. The restore will not complete. Luckily I have a back up hard drive so I switch out and I'm o.k. I thought I would provide this info so the pros could get at it. I,m wondering if this is the same one I soe bloged here?

[linuxkid66]

re format your hard drive. will clean everything out and just like new :)

windows... when it rains, it pours.
should have got a linux

[Jack Moran]

Marketing HiJack (Virus)

I recently went to a legitimate webpage only to find that it had been hacked, and a "virus" was dumped on me.

The webpage downloaded a bunch of crap to my system that causes my browser to redirect based on certain key words in the webpage I am loading (my guess). It also pops up a marketing message and suggestions that I go to a page called www.dxcdirect.com

I cannot find an antivirus software to counter this or that will even find the culprit routines!

Any suggestions?

[LrdRyu]

you could try hitman pro 2
it's free but be sure to have a backup of important files ( it tends to kill certain files that are allowed but display a small malfunction )
it's a pretty heavy scan ( uses 7 different anti-viruses and anti spywares ) but one time i had a worm that opened my ports ( all of them ) so the virusses came swarming in, i used it and my computer was fixed ( after 6.5 hours ) .... well exept my video card ( the driver was infected and there for destroid ) but that was redownload able

ooh and did i mantion it was FREE and trust able

[ultralevy123]

i don't have it on my computer (i think0, but my schools districts server has it i believe)

[linuxkid66]

this virus is actually very easy to avoid... like they mentioned above, many mail servers like aol (and yahoo i believe) can stop .exe files from entering. back door trojans use open ports on your computer, simply make sure that only necessary ports are open with the right security. the easiest way to avoid this virus? simple... what have many people done because of all these windows errors?? windows is infamous for letting you get hacked. maybe you should use linux instead ;)

[linuxkid66]

this virus is actually very easy to avoid... like they mentioned above, many mail servers like aol (and yahoo i believe) can stop .exe files from entering. back door trojans use open ports on your computer, simply make sure that only necessary ports are open with the right security. the easiest way to avoid this virus? simple... what have many people done because of all these windows errors?? windows is infamous for letting you get hacked. maybe you should use linux instead ;)

[sandeep_indus]

I have XP but I don't worry about these viruses or spywares. I have tech guys of IT24BY7 with me. I have their unlimited subscription and whenever I have any issues with my laptop, I call them and they remote in and fix my problem.

These folks are awesome. I recommend their service to everyone.

www.IT24BY7.com

[gpsekaron]

i have a problem in my computer auto shut down after 3 min no errors or no meseges

[websitehandyman]

Here a new one on me, torrent users should take note !

So you download a video file, perhaps a film or other but when you run it your media player comes up with a message - You don't have the licence needed to play this file, click here to download the free licence.

You do that and still can't run the file but what you don't know is you've installed a virus. I've yet to see the full force of this virus but it does try to access web sites. Soon as it did that Avast found it. So I did a full scan and it found infected files which were deleted. Everything was fine for a while, then on bootup in vista gave an "authentication" message and I couldn't get in. A restore failed but a memory check got me back up again. But althought the pc is working find it has tried to access a web page again and avast blocked that.

If anyone identifys the virus I would like to know but I'll track down sooner or later.