[LINK] Novarg / Mydoom / Shimg worm update
James Pearce
james.pearce at zdnet.com.au
Thu Jan 29 11:24:16 EST 2004
----- Original Message -----
From: "Jan Whitaker" <jwhit at melbpc.org.au> wrote:
> At 07:36 PM 28/01/04 +1100, Rick Welykochy wrote:
> >(*) the worm is spread by what appears to be a ZIP file attachment;
> >unfortunately,
> > most people click on this ZIP file, which causes the worm to
self-extract
> > (or perhaps is executed via a hidden .PIF extension?) and execute on
> > their
> > machine; infection is immediate
>
> This hidden .pif was shown on local news last night. it's another one of
> those non-viewable character blocks between the .zip .pif like in the
> webaddresses. I got a bounce yesterday from a clever mailserver where my
> address had been the spoof. The message said that the .pif file attached
> was disallowed and dangerous. good advice, good server behaviour.
Not good AV program behaviour, though. I've received thousands of these
"notification e-mails" this week, it's worse than the virus. Or spam in
sheer volume, for that matter.
Jp
More information about the Link
mailing list