I know we all hate McAfee's products but their best kept secret (and best product) is their standalone disinfector for the most common "out there" viruses, Stinger. Version 1.9.7 has been posted and gets this nasty and the latest Dumaru variants. You can get it from http://vil.nai.com/vil/stinger
Cheers, Phil --------------------------------------------- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Scott > Weston > Sent: 27 January 2004 01:48 > To: Exchange Discussions > Subject: RE: New variant of W32/Dumaru.y > > > MessageLabs, the leading provider of managed email security > services to > businesses worldwide, has intercepted a high number of copies > of a new worm > known as W32/Mydoom.A-mm. > > Name: W32/Mydoom.A-mm > Number of copies intercepted so far: 165,598 > Time & Date first captured: 13.03pm GMT, 26th Jan 04 > Origin of first intercepted copy: Russia > > W32/Mydoom.A-mm is a mass-mailing worm that attempts to > spread via email and > by copying itself to any available shared directories used by Kazaa. > > The worm harvests addresses from infected machines and > targets files with > the following extensions: .wab, .adb, .tbb, .dbx, .asp, .php, > .sht, .htm, > .txt. > > > > > > On January 23, 2004, MessageLabs, the leading provider of > managed email > security services to businesses worldwide, intercepted a > large number of > copies of another variant of the Dumaru email worm - W32/Dumaru.Y. > > > General > The initial copy of this new variant originated from the > United States. To > date, the majority of infected emails that MessageLabs has > intercepted were > sent from the United Kingdom - 42% of the total number of emails seen. > > Name: W32/Dumaru.Y-mm > Aliases: W32/Dumaru.Z-mm > Number of copies intercepted so far: 5,027 > Time & Date first Captured: 23rd Jan 2004, 20.56 GMT > Origin of first intercepted copy: United States > > The worm arrives as an attachment to an email called > myphoto.zip (17Kb). The > sender's email address may be forged, and therefore does not > indicate the > true identity of the sender. > > > > > > > > -----Original Message----- > From: Steve [mailto:[EMAIL PROTECTED] > Sent: Monday, January 26, 2004 4:15 PM > To: Exchange Discussions > Subject: New variant of W32/Dumaru.y > > > We got a new variant of this that neither McAfee or Trend is stopping > (extra.dat is on the way). It is zipped and the subject and > attachment > name changes. Here is a link to NAI's description: > > http://vil.nai.com/vil/content/v_100980.htm > > Still nothing from Trend. This thing spreads like fire. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
