
BorderManager Defeats MyDoom.M Worm

Novell Cool Solutions: Feature


Posted: 29 Jul 2004
 

The recent MyDoom.M mail virus tricked thousands of computer users into spreading a flood of bogus e-mail messages. Internet search sites such as Google, Lycos, Yahoo, and AltaVista were knocked offline for several hours.

There was a silver lining to this cloud for Novell and its engineering teams, however. When other mail servers couldn't defend themselves against the MyDoom virus, Novell BorderManager 3.7 and 3.8 mail proxies spared a number of customers and clients from this attack.

Recognizing and Dealing with MyDoom.M

The MyDoom virus is a mass-mailing worm. Its e-mails typically appear with the following characteristics (acme.com represents the recipient's domain name):


From (spoofed to appear as though it is coming from a valid address at the recipient's domain)
Examples:
noreply@acme.com
MAILER-DAEMON@acme.com
postmaster@acme.com

Subject (varies)
Examples:
Mail System Error - Returned Mail
Returned mail: see transcript for details

Mail Body (varies)
Examples:
[Your email account was used to send a huge amount of unsolicited email messages during this week. Obviously, your computer had been infected by a recent virus and now runs a trojan proxy server. We recommend you to follow our instruction in order to keep your computer safe.

Sincerely yours,
The acme.com support team.]

Attachment (varies)
Examples: acme.com.zip

Do NOT run the attached .zip file, as that will spread the virus. Instead, delete that type of e-mail from both your mailbox and the trash.
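
The characteristics listed above can be turned into a simple mail-filter check. The following is an added example, not code from Novell or BorderManager; the function names, trait labels, and the rule "a .zip attachment plus at least one header trait" are assumptions made for illustration, and the sample messages are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Traits come from the article; the names and the scoring rule are assumptions.
SYSTEM_SENDERS = {"noreply", "mailer-daemon", "postmaster"}
BOUNCE_SUBJECTS = {
    "mail system error - returned mail",
    "returned mail: see transcript for details",
}

def mydoom_traits(raw, local_domain):
    """List which of the article's MyDoom.M traits a raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    traits = []
    local, _, domain = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")
    # A "system" sender that claims to be inside the recipient's own domain.
    if domain == local_domain.lower() and local in SYSTEM_SENDERS:
        traits.append("spoofed-system-sender")
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in BOUNCE_SUBJECTS:
        traits.append("bounce-subject")
    names = [(part.get_filename() or "").lower() for part in msg.iter_attachments()]
    if any(name.endswith(".zip") for name in names):
        traits.append("zip-attachment")
    return traits

def is_suspect(raw, local_domain):
    """Hold mail that carries a .zip plus at least one header trait."""
    traits = mydoom_traits(raw, local_domain)
    return "zip-attachment" in traits and len(traits) >= 2

def build_sample(sender, subject, attachment=None):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@acme.com", subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    worm_like = build_sample("postmaster@acme.com",
                             "Returned mail: see transcript for details",
                             "acme.com.zip")
    print(mydoom_traits(worm_like, "acme.com"), is_suspect(worm_like, "acme.com"))
```

Because the article notes that subject, body, and attachment name all vary, a check like this is a triage aid to sit alongside attachment scanning, not a replacement for it.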

