Updated Security alert!! W32/Mydoom@MM
microsoft.public.cert.exams.mcse, January 2004
Larry Samuels

2004-01-29, 1:23 am

PSS Security Response Team Alert - New Worm: W32/Mydoom@MM
SEVERITY: MODERATE

DATE: January 26, 2004

Updated: January 28, 2004

This alert is being updated to advise you of a new variant of the Mydoom
worm, the Mydoom.b worm that was discovered on 28 January 2004. This new
variant can impede access to some Web sites, including some microsoft.com
web sites. This variant is identical to the original MyDoom in terms of its
impact, and means of prevention. The alert below contains updated
information for technical details, detection and recovery information
specific to the newest variant. As new information becomes available we will
update the TechNet alert and re-issue the PSS Security Alert.

PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail

**********************************************************************

WHAT IS IT?
W32/Mydoom@MM spreads via e-mail. The Microsoft Product Support Services
Security Team is issuing this alert to advise customers to be on the alert
for this virus as it spreads in the wild. Customers are advised to review
the information and take the appropriate action for their environments.

IMPACT OF ATTACK:
Mass Mailing, Denial of Service

TECHNICAL DETAILS(UPDATED):
For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please visit
the following links:

Network Associates:
http://vil.nai.com/vil/content/v_100988.htm

Trend Micro:
http://www.trendmicro.com/vinfo/vir...e=WORM_MYDOOM.B

Symantec
http://securityresponse.symantec.co...ydoom.b@mm.html

Computer Associates:
http://www3.ca.com/virusinfo/virus.aspx?ID=38114

DETECTION (UPDATED):
Most up to date Antivirus software can detect this virus. If you don't have
AV software you can run some third party software to detect it:
http://housecall.trendmicro.com/
http://vil.nai.com/vil/stinger/

For more information on Microsoft's Virus Information Alliance please visit
this link:
http://www.microsoft.com/technet/tr...s/virus/via.asp

Please contact your Antivirus Vendor for additional details on this virus.

PREVENTION:

Outlook 2000 post SP2 and Outlook 2002 SP2 include the most recent updates
to improve the security in Outlook and other Office programs.

To ensure you are using the latest version of Office click here:
http://office.microsoft.com/ProductUpdates/default.aspx

By default, Outlook 2000 pre SR1 and Outlook 98 did not include these
updates, but it can be obtained by installing the Outlook E-mail Security
Update. More information about the Outlook E-mail Security Update can be
found here: http://office.microsoft.com/Downloa...0/Out2ksec.aspx

Outlook Express 6 can be configured to block access to potentially-damaging
attachments. Information about how to configure this can be found here:
http://support.microsoft.com/defaul...b;en-us;Q291387

Outlook Express all other versions: Previous versions of Outlook Express do
not contain attachment-blocking functionality. Please exercise extreme
caution when opening unsolicited e-mail messages with attachments.

Web-based e-mail programs: Use of an application-level firewall can protect
you from being infected with this virus through Web-based e-mail programs.

RECOVERY (UPDATED):

If your computer has been infected with this virus, please contact your
preferred antivirus vendor or Microsoft Product Support Services for
assistance with removing it.
A potential symptom of infection with the MyDoom.B Virus is that you are
unable to visit your Antivirus vendor's website or various Microsoft websites
such as support.microsoft.com or windowsupdate.microsoft.com. If you are
experiencing these symptoms please use the following manual commands to
enable access to these websites:

Go to Start > Run and type cmd to get a command prompt. Within the command
prompt, type the following commands:

- del /F %systemroot%\system32\drivers\etc\hosts [enter]
- echo # Temporary HOSTS file > %systemroot%\system32\drivers\etc\hosts [enter]
- attrib +R %systemroot%\system32\drivers\etc\hosts [enter]

On Windows NT, you must reboot after typing these commands.

On Windows 2000, Windows XP, and Windows 2003, you do not need to reboot.
Instead, you must type the following command:
- ipconfig /flushdns [enter]

If you have any questions, you should contact Product Support Services in
the United States at 1-866-PCSafety (1-866-727-2338). International
customers should contact their local subsidiary.

Thank you,

PSS Security
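
Added example, not part of the original alert or of Microsoft's guidance: before replacing the HOSTS file as the recovery steps above describe, a responder may want a record of which entries were producing the symptom. This sketch parses HOSTS-file text and reports entries for watched domains; the watch list, the `av-vendor.example` placeholder and both sample files are constructed assumptions.

```python
import ipaddress

# Watch list (assumption): microsoft.com covers the two hosts the alert names;
# av-vendor.example is a placeholder for your antivirus vendor's domain.
WATCHED = ("microsoft.com", "av-vendor.example")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, reason) for suspicious entries."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "", address, "unparseable address"))
            continue
        blocked = ip.is_loopback or ip.is_unspecified
        for name in names:
            host = name.lower().rstrip(".")
            # These names normally resolve through DNS, so any HOSTS entry
            # for them is worth recording before the file is replaced.
            if any(host == d or host.endswith("." + d) for d in watched):
                reason = ("watched domain blocked locally" if blocked
                          else "watched domain pinned to a fixed address")
                findings.append((line_no, host, address, reason))
    return findings

# Constructed sample of a HOSTS file that would produce the described symptom.
TAMPERED = """\
127.0.0.1   localhost
0.0.0.0     support.microsoft.com windowsupdate.microsoft.com
0.0.0.0     www.av-vendor.example   # placeholder vendor
10.1.2.3    intranet.corp.example
"""
# The replacement file written by the alert's echo command.
CLEAN = "# Temporary HOSTS file\n"

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED):
        print("line %d: %s -> %s (%s)" % finding)
    print("findings in replacement file:", audit_hosts(CLEAN))
```

On a live system the text would be read from %systemroot%\system32\drivers\etc\hosts before the del command is run.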



Consultant

2004-01-29, 11:23 am

thanks larry! i'd like to contribute also and let you know that macys is
having a valentines day sale!

http://www.macys.com/catalog/index....nkType=Homepage



Paul Lynch

2004-01-29, 12:23 pm

On Thu, 29 Jan 2004 07:25:08 -0800, "Consultant"
<consultant_mcngp_removepants@yahoo.com> wrote:

>thanks larry! i'd like to contribute also and let you know that macys is
>having a valentines day sale!
>
>http://www.macys.com/catalog/index....nkType=Homepage


That's great but I'm still not getting you anything....


Regards,

Paul Lynch
(MCNGP Lamer of the Year 2001)



Consultant

2004-01-29, 12:23 pm

ah, come on now.


"Paul Lynch" <paul.lynch@nospam.com> wrote in message
news:eadi10dovjtpckrarud1oip1c7rhkkj21k@4ax.com...
> On Thu, 29 Jan 2004 07:25:08 -0800, "Consultant"
> <consultant_mcngp_removepants@yahoo.com> wrote:
>
>
> That's great but I'm still not getting you anything....
>
>
> Regards,
>
> Paul Lynch
> (MCNGP Lamer of the Year 2001)



Paul Lynch

2004-01-29, 12:23 pm

No....


BTW, I just wanted to say thanks for the tip the other week. I hadn't
seen that post from MS. They didn't have my real e-mail so couldn't
contact me. Sorted now, though.

Cheers ! Pint of Directors or Pedigree ?


Regards,

Paul Lynch
(MCNGP Lamer of the Year 2001)



Consultant

2004-01-29, 12:23 pm

absolutely! best of luck with that by the way.


"Paul Lynch" <paul.lynch@nospam.com> wrote in message
news:htdi10pl3rr3p4tgc16k7ikhmjmh90olpp@4ax.com...
> No....
>
>
> BTW, I just wanted to say thanks for the tip the other week. I hadn't
> seen that post from MS. They didn't have my real e-mail so couldn't
> contact me. Sorted now, though.
>
> Cheers ! Pint of Directors or Pedigree ?
>
>
> Regards,
>
> Paul Lynch
> (MCNGP Lamer of the Year 2001)



The Poster Formerly Known as Kline Sphere

2004-01-29, 2:23 pm

i just checked the site. no doubt exams are cheaper here but how can we
say about the quality. So i recommend you to go for allit.cetkiller.com,
it's also cheaper than others.

On Thu, 29 Jan 2004 07:25:08 -0800, "Consultant"
<consultant_mcngp_removepants@yahoo.com> wrote:

>thanks larry! i'd like to contribute also and let you know that macys is
>having a valentines day sale!
>
>http://www.macys.com/catalog/index....nkType=Homepage



Kline Sphere (Chalk) MCNGP #3



Consultant

2004-01-29, 2:23 pm

sank you

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:tski101f7ing9ea101lhpnh264ra6g7fk5@4ax.com...
> i just checked the site. no doubt exams are cheaper here but how can we
> say about the quality. So i recommend you to go for allit.cetkiller.com,
> it's also cheaper than others.
>
> On Thu, 29 Jan 2004 07:25:08 -0800, "Consultant"
> <consultant_mcngp_removepants@yahoo.com> wrote:
>
>
>
> Kline Sphere (Chalk) MCNGP #3



The Poster Formerly Known as Kline Sphere

2004-01-29, 2:23 pm

>sank you

it's real.

Kline Sphere (Chalk) MCNGP #3



Consultant

2004-01-29, 4:23 pm

the cheapest


"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:dtli101eqdt6n2jqoafjlk898gkugka5l6@4ax.com...
>
> it's real.
>
> Kline Sphere (Chalk) MCNGP #3



The Poster Formerly Known as Kline Sphere

2004-01-29, 4:23 pm

>the cheapest

good enough

Kline Sphere (Chalk) MCNGP #3