Hi, all -

"Heads up!"

There is a new variant of the MyDoom virus that does not work in the usual way.

Previous MyDoom viruses have attached the virus payload to an email message. The new variants (AH and AI, so far) simply include links to infected machines. The links exploit the Internet Explorer IFRAME vulnerability and then worm their way into address books, install SMTP servers and self-start registry entries, and generally make nuisances of themselves by sending emails to your contacts encouraging them to click links back to your machines.

Since the email does not contain the payload, the virus cannot be caught at the email level. Therefore, be especially careful that your firewalls and antivirus programs have the definitions for the new variants and that all machines on your systems have the very latest patches from http://windowsupdate.microsoft.com.

As of this writing, Symantec has published definitions for the AH and AI variants. McAfee has published only the AH variant. Fortinet and Sophos have published these variants under the names bofra-a and bofra-b.

More info is at

http://www.integratedmar.com/connectit/stories/1319.cfm
http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED]
http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED]
http://www.sophos.com/virusinfo/analyses/w32bofrab.html

-Dave Doherty
Dataworld, Inc.
Skywaves, Inc.


