[an error occurred while processing this directive]
Posted: 28 Jan 2004
::: The Messaging Architects Security Alert :::
A powerful worm virus known variously as W32/Mydoom, W32/Novarg.A, W32/Shimg, or W32/Mimail.R is devastating personal and corporate email systems across the globe. When run, the worm steals email addresses from the infected machine and also automatically generates random email addresses for propagation. This email generation engine is similar to technologies spammers use to generate addresses for spam email campaigns. W32/Mydoom also attempts to open a port on an infected PC, allowing a remote hacker to gain control of the system.
Installing an email firewall such as GWGuardian can protect your organization - Download a fully functional trial copy at http://www.messagingarchitects.com/gwguardianee/?CID=1090
W32/Mydoom worm can be defeated by blocking subject lines and attachment types listed below. GWGuardian's protocol filter analyzes the message header content and rejects suspicious email messages before it is even accepted by GWIA.
"The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
"The message contains Unicode characters and has been sent as a binary attachment."
"Mail transaction failed. Partial message is available."
HOW DO YOU KNOW IF YOU'VE BEEN INFECTED?
Upon executing the virus, Notepad is opened, filled with nonsense
HOW DO YOU CLEAN YOUR SYSTEM?
Update your anti-virus software and run a full scan of your system. Always ensure your virus definition definition files are current. You can also use McAfee's effective removal tool: http://vil.nai.com/vil/stinger/
The following Novell TIDs describe how to purge infected messages from your PO using the GWCheck item purge feature. Although these TIDs were written to remove Code Red, the same measures apply for W32/Mydoom. Just use the subject line and attachments listed above.
GroupWise 6.0-6.5 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10060266.htm
Document Title: Stop W32/Mydoom Mass Mailing Worm before it hits
Security Response Team