[TN-Bird] TN-Birders:Watch for e-mail infection

  • From: Wallace Coffey <jwcoffey@xxxxxxxxxx>
  • To: 1-A TN-Birds <tn-bird@xxxxxxxxxxxxx>
  • Date: Tue, 27 Jan 2004 14:59:53 -0400

TN-Birders:

The mass-mailing worm W32.Novarg.A@mm was discovered on January 26, 2004
and is causing a serious problem for e-mail users.  

I am not aware of any such messages making it to the TN-Birds list.   It is
reported as a worm that does not damage your computer but it will spread by
e-mail and send massive messages to persons in your address books.

YOU CAN PREVENT THE PROGRESS OF THIS WORM BY NOT OPENING THE ATTACHMENT.
THIS IS EXTREMELY IMPORTANT TO PROTECT THOSE IN YOUR ADDRESS BOOK.

If your computer system is:  Windows 2000, Windows 95, Windows 98, Windows
Me, Windows NT, Windows Server 2003, Windows XP are not affected by this worm. 

It does not affect the systems:  DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.

The messages usually arrive in your e-mail with one of the following subject
lines:

test 
hi 
hello 
Mail Delivery System 
Mail Transaction Failed 
Server Report 
Status 
Error

The actual body of the message that you can see and read without opening the
attachment has one of the following messages:
 
Mail transaction failed.
Partial message is available. 
The message contains Unicode characters and has been sent as a binary
attachment. 
The message cannot be represented in 7-bit ASCII encoding and has been sent
as a binary attachment.

So far I have received a few messages with the worm but my Symantec
Security antivirus program appears to be catching and deleting them as far
as I can determine.

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with
the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. 

When a computer is infected, the worm will set up a backdoor into the system
by opening TCP ports 3127 through 3198, which can potentially allow an
attacker to connect to the computer and use it as a proxy to gain access to
its network resources.

In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1,
2004. It also has a trigger date to stop spreading on February 12, 2004.

We may see the internet and e-mail delivery slow down considerably in the
next few days as this virus spreads.   

If any of you have the ability to go online and update your virus protection
software, please do so as soon as possible.  Most software vendors are up
and running online with updates at this hour.  You can also download a tool
which will clean the worm from your system if you determine it has been
infected.

I hope this helps subscribers better deal with this worm and that everything
returns to normal soon.

Let's go birding......

Wallace Coffey
Moderator 
TN-Birds
Bristol, TN
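
The message traits listed in the post above (subject lines, body text, attachment extensions), written as a mail triage check. This is an added example, not part of the original post; the function names, sample addresses and attachment file names are constructed, and requiring an attachment match before quarantining is an assumption of this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the post above (compared case-insensitively).
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BODY_PHRASES = (
    "mail transaction failed",
    "partial message is available",
    "the message contains unicode characters and has been sent as a binary attachment",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment",
)
EXTENSIONS = (".bat", ".cmd", ".exe", ".pif", ".scr", ".zip")


def triage(raw: bytes) -> dict:
    """Report which of the post's traits a raw e-mail message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    # Collapse line wraps so a phrase split across lines still matches.
    body = " ".join(part.get_content().lower().split()) if part else ""
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    hits = {
        "subject": subject in SUBJECTS,
        "body": any(phrase in body for phrase in BODY_PHRASES),
        "attachment": any(n.endswith(EXTENSIONS) for n in names),
    }
    # Assumption: subjects like "hello" or "Status" are common in normal mail,
    # so only quarantine when a listed attachment type is also present.
    hits["quarantine"] = hits["attachment"] and (hits["subject"] or hits["body"])
    return hits


def build_sample(subject, body, filename=None) -> bytes:
    """Build a constructed message for testing (not a captured worm e-mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A message with a listed attachment type but no matching subject or body is reported with `attachment` set and `quarantine` unset, so it can be routed to ordinary antivirus scanning instead.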
