Novarg/MyDoom Virus Alert

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.
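One way to check a Windows machine for the backdoor described above is to look for TCP listeners in the 3127 through 3198 range. The following is an added example, not part of the original alert or of any vendor's removal tool; it parses `netstat -ano` output, and the sample output and the function name `find_backdoor_listeners` are constructed for illustration.

```python
import re

# Backdoor port range stated in the alert: TCP 3127 through 3198 inclusive.
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1492
  TCP    192.168.1.20:3150      203.0.113.7:80         ESTABLISHED     2210
  TCP    192.168.1.20:49822     198.51.100.4:3128      ESTABLISHED     2210
  TCP    [::]:3198              [::]:0                 LISTENING       1492
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       900
  UDP    0.0.0.0:3130           *:*                                    1040
"""

# Columns: proto, local addr:port, foreign addr:port, state, PID.
# UDP rows have no state column and are skipped (the backdoor is TCP).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+:\d+\s+(\S+)\s+(\d+)\s*$")


def find_backdoor_listeners(netstat_text):
    """Return (local_addr, port, pid) for each TCP socket LISTENING in the range.

    Only the local port of a listening socket counts. An outbound connection
    may use a source port in this range, and a remote port in this range says
    nothing about the local machine, so ESTABLISHED rows are ignored.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        local_addr, port, state, pid = m.groups()
        if state == "LISTENING" and int(port) in BACKDOOR_PORTS:
            hits.append((local_addr, int(port), int(pid)))
    return hits


if __name__ == "__main__":
    for addr, port, pid in find_backdoor_listeners(SAMPLE_NETSTAT):
        print(f"Listener on {addr}:{port} owned by PID {pid}; identify that process")
```

A hit is a lead, not proof of infection: other software can listen in this range, so identify the owning process by its PID before drawing a conclusion.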

The worm will perform a Denial of Service (DoS) attack starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

Full details can be found at Symantec's site.

You may download a removal tool here.

SoBig.F Virus Alert

Yet another new virus threat has been discovered. Called SoBig.F, it mass-emails its payload to unsuspecting email addresses. An infected computer will parse the user's address book and randomly choose an address to use as the "From:" address (essentially impersonating that person). It then sends infected messages to every email address it finds in the address book. This has the unfortunate side effect of causing all the bounces to be returned to the impersonated "From:" address, even though that person was not the original sender.

The payload is a variety of .pif and .scr attachments that infect the computer when executed. Our mail server blocks these types of attachments, so the risk of getting infected is minimal. However, if your email address happened to be used as the spoofed "From:" address on someone else's infected computer, then you may still receive unexplained bounces that claim to have originated from you.

You can download a removal tool here.

For more information about this virus click here.

MBlast Worm Alert

A very new virus is currently wreaking havoc on the Internet. It is known as "W32.Blaster" or "Win32.Poza" or "Lovsan.worm". It affects Windows NT, 2000 and XP machines. The virus was discovered on 8/11/2003, meaning that very few people were protected by their antivirus software. Most people are still unprotected (unless you have updated your virus definitions since then). This virus can infect your machine the second you go online, without you doing anything except connecting to the Internet. This is why it is classified as a "Worm". If you are running one of the operating systems above, you absolutely need to patch your machine to be safe. However, this virus disconnects you regularly from the Internet, which may prevent you from staying online long enough to get the patch. The virus also blocks the Windows Update service, so you cannot get the patch that way.

You can download a removal tool here.

Download the Windows NT patch here.

Download the Windows XP patch here.

Download the Windows 2000 patch here.

For information about this virus click here.

If you have the virus (or think you do), you can get a free diskette with the removal tool and these patches (with instructions) from us at our office.

Read about this on our message boards here.

