IBM Computer, Laptops and Servers


US-CERT Alert: W32/MyDoom Revisited

Since the W32/MyDoom mass-mailing virus first appeared on the Internet, US-CERT has continued to see new variants appear, and many variants (new and old) continue to spread. Many variants of W32/MyDoom are known to open a backdoor and use their own SMTP engine to spread through email. This virus has also been identified as W32/Bofra by some vendors.
Recent reports to US-CERT indicate that the W32/MyDoom variants propagate and communicate on TCP ports 1639, 1640, and 6667. The variants discovered on November 8th and 9th of 2004 may attempt to exploit an IFRAME vulnerability in Microsoft Internet Explorer, described in VU#842160. These variants may arrive as an email message with the following characteristics:

* Spoofed From address
* A Subject line containing one of the following:
  o Hi!
  o
  o
  o Confirmation
  o funny photos :)
  o hello
  o hey!
* Body text containing a URL that leads to a malicious site.

Upon clicking on the URL, the user will visit a web page that attempts to exploit VU#842160. There is a patch available to address this vulnerability. For more information about this patch, please refer to the "Solution" section of VU#842160.

As a general rule, US-CERT recommends filtering all types of network traffic that are not required for normal operation by using a firewall, IPsec policies, or similar technology. If this is impractical, sites should consider blocking both inbound and outbound traffic to the ports listed above at both the host and network level, depending on network requirements.

If access cannot be blocked for all external hosts, US-CERT recommends limiting access to only those hosts that require it for normal operation.
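Where the ports cannot be blocked outright, flow or firewall logs can at least show which internal hosts are using them. The following is an added example, not part of the US-CERT alert: it scans flow records for TCP traffic to ports 1639, 1640 and 6667 and groups the hits by internal host. The CSV layout, the sample records and the RFC 1918 definition of "internal" are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# TCP ports named in the alert.
ALERT_PORTS = {1639, 1640, 6667}
# Assumption: the site's internal address space is RFC 1918.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: time, proto, src, sport, dst, dport.
SAMPLE_FLOWS = """\
2004-11-09T10:01:02,tcp,10.1.2.15,1105,203.0.113.7,6667
2004-11-09T10:01:09,tcp,10.1.2.15,1106,198.51.100.20,80
2004-11-09T10:02:30,tcp,198.51.100.99,4021,10.1.2.15,1639
2004-11-09T10:03:11,udp,10.1.2.40,1640,10.1.2.1,53
2004-11-09T10:04:45,tcp,10.1.2.77,1640,198.51.100.20,80
2004-11-09T10:05:00,tcp,10.1.2.15,1107,10.1.2.40,1640
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def flag_flows(text):
    """Return {internal_host: [(time, direction, peer, port), ...]}."""
    hits = defaultdict(list)
    for ts, proto, src, sport, dst, dport in csv.reader(io.StringIO(text)):
        # Match on destination port only: a matching source port is often
        # just a client's ephemeral port and would be a false positive.
        if proto.lower() != "tcp" or int(dport) not in ALERT_PORTS:
            continue
        if is_internal(src):
            direction = "lateral" if is_internal(dst) else "outbound"
            hits[src].append((ts, direction, dst, int(dport)))
        if is_internal(dst):
            direction = "lateral" if is_internal(src) else "inbound"
            hits[dst].append((ts, direction, src, int(dport)))
    return dict(hits)

if __name__ == "__main__":
    for host, events in sorted(flag_flows(SAMPLE_FLOWS).items()):
        print(host, events)
```

A host that shows up with more than one direction, such as 10.1.2.15 in the sample, is the first candidate for isolation and an anti-virus scan.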

Additionally, US-CERT strongly encourages users not to follow unknown links, even if sent by a known and trusted source. Users are encouraged to install and maintain anti-virus software and exercise caution when handling attachments. Anti-virus software may not be able to scan password-protected archive files, so users must use discretion when opening archive files and should scan files once extracted from an archive.

You may also wish to visit US-CERT's Computer Virus Resources page for additional information.

Copyright © 2008 www.ibmfans.com. All rights reserved.