Vhmrrxutkvbziepg (MyDoom/Novarg)

From: Pete Turnbull <pete_at_dunnington.u-net.com>
Date: Sun Feb 1 04:17:46 2004

On Jan 31, 18:36, chris wrote:
> >The message contains Unicode characters and has been sent as a
> >attachment.
> Despite allegedly coming from me, I was not the sender of the above
> email. I assure you none of my Macs are infected with this Windows
> :-)
> Someone else with my addy on their machine has been infected. IP in
> header traces back to RIPE Networks in Amsterdam.
> Fortunately, it appears the list strips attachments, so the email is
> nothing more harmful than a minor annoyance to the list.

Yes, this is standard MyDoom/Novarg. It spoofs the sender in the
"From:" and for good measure uses their hostname in the SMTP exchange
when it contacts the destination. Then it adds a zipfile which
contains the payload.

The list does strip attachments -- you can't send attachments to this
list, nor HTML.

Incidentally, Sellam: just not using OE isn't a cure. It might reduce
the problem, but enough people will save and then open attachments
anyway; besides, there are other ways of passing a virus or worm. I've
seen a few of these at work last week. I blackholed about ten
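
The spoofing described in the reply above (sender forged in "From:", the same hostname offered in the SMTP greeting, connecting IP belonging to someone else) can be checked from the receiving side. This is an added example, not part of the original post: it assumes the receiving MTA writes sendmail/Postfix-style Received lines, and all hostnames, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sendmail/Postfix-style trace field: from <HELO name> (<rDNS> [<peer IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def org_domain(host):
    """Crude registrable-domain guess: last two labels (assumption, no suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Only the topmost Received header was written by our own MTA; lower ones
    # arrive with the message and can be forged as easily as "From:".
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = RECEIVED_RE.search(top)
    if not m or not from_domain:
        return {"verdict": "unparsed"}
    helo, rdns, ip = m.group("helo"), m.group("rdns") or "unknown", m.group("ip")
    sender = org_domain(from_domain)
    helo_claims_sender = org_domain(helo) == sender
    peer_is_sender = org_domain(rdns) == sender
    if helo_claims_sender and not peer_is_sender:
        verdict = "helo-forged"        # greeting imitates the From: domain
    elif peer_is_sender:
        verdict = "consistent"
    else:
        verdict = "third-party-relay"  # common and not suspicious by itself
    return {"verdict": verdict, "helo": helo, "peer_rdns": rdns, "peer_ip": ip}

def sample(helo, rdns, ip, sender):
    """Build a constructed message as the list server would have stored it."""
    return (f"Received: from {helo} ({rdns} [{ip}])\n"
            "\tby lists.example.org with ESMTP; Sat, 31 Jan 2004 18:36:00 -0600\n"
            f"From: {sender}\nSubject: constructed sample\n\nbody\n")

# Constructed inputs (documentation-range IPs, example domains).
FORGED = sample("mac.chris.example", "dsl-17.isp.example", "192.0.2.45",
                "chris <chris@chris.example>")
GENUINE = sample("mail.site.example", "mail.site.example", "198.51.100.7",
                 "alice@site.example")
RELAYED = sample("smtp.isp.example", "smtp.isp.example", "203.0.113.9",
                 "bob@corp.example")

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE), ("relayed", RELAYED)):
        print(name, check_message(raw))
```

A "helo-forged" result only says the greeting and the connecting host disagree; the peer IP recorded by the receiving server is the field to trace or block.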

