January 27, 2004

MyDoom Virus

Last night my wife was complaining about some new virus bouncing around her company's email system. Today I realized my company's mail server was getting hit pretty hard with the new MyDoom virus. Please update your virus signatures.


-Chris

Update:

Also found a nifty tool [Stinger] to find and remove the MyDoom virus.

Slashdot has a thread on MyDoom as well, and another thread about the DDoS on SCO.

SCO Offers Cash Reward for MyDoom virus creator.

Posted at 12:13 PM in Computer Virus, SCO Litigation

November 18, 2003

Virus and Paypal

My mail server is already collecting copies of the new PayPal virus. I really do hate these virus writers that keep sending this mess out.

I also feel sorry for the poor saps that send their personal information and become victims of identity theft.

-Chris

Mimail mutant targets PayPal users

New PayPal Mimail variant spreading rapidly

Posted at 05:52 PM in Computer Virus

August 30, 2003

Sobig Leader Board

I decided to write a little Perl script to count which computers (by their IP address) were sending the most copies of the Sobig virus to my mail server. My results are posted below.

Updated List as of 5 SEP 2003


Total: 1183

Original List from First Post


Total: 476

-Chris

Posted at 12:07 PM in Computer Virus

July 17, 2003

Sobig and Spammers

Joe Stewart has a great paper on the Sobig virus and spammers. He covers the history of the earlier versions and how spammers are going to capitalize on the infected machines.

-Chris

Posted at 11:46 PM in Computer Virus

June 04, 2003

Viral E-mail

I had a good chuckle reading Jim Rapoza's column titled "Idiocy Imperils the Web." Jim asks, why do computer users keep opening those attachments? :-)

Instead of a headline like "Dangerous Fizzer Worm Attacks the Internet," how about "Thousands of Morons Open Obviously Virus-Laden E-mail Attachments"? I kind of like it. It has a light, comedic feel similar to headlines found at The Onion.

I'm running qmailscanner to prevent w32 executable attachments from reaching my users' mailboxes. This program checks each incoming email based on your ruleset. I set my rules to deny attachments with known executable file extensions, like exe and bat. Some legitimate emails do get denied, but I can live with it.

-Chris

Posted at 10:58 AM in Computer Virus
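
The extension rule described in the June 04, 2003 post, sketched as an added Python example (not the author's ruleset and not qmailscanner's own code): it flags attachments whose final extension is on a deny list, including double extensions and trailing-dot names. Only exe and bat come from the post; the other extensions, the function name and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Only exe and bat are named in the post; the other entries are assumed.
DENIED_EXTENSIONS = {"exe", "bat", "com", "pif", "scr"}

def denied_attachments(raw_message: bytes) -> list[str]:
    """Return attachment filenames whose final extension is on the deny list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():         # also visits nested multipart containers
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if not name:
            continue
        # Win32 path handling strips trailing dots and spaces from file names.
        cleaned = name.rstrip(". ").lower()
        # Test only the last extension so "invoice.doc.EXE" cannot hide behind ".doc".
        ext = cleaned.rpartition(".")[2] if "." in cleaned else ""
        if ext in DENIED_EXTENSIONS:
            hits.append(name)
    return hits

# Constructed sample message (not a real capture).
SAMPLE = b"""\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc.EXE"

MZ
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="update.bat."

MZ
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="exe-notes.txt"

hello
--b1--
"""
```

A filename-only rule like this also rejects legitimate executables, the trade-off the post accepts, and it does not inspect file contents or look inside archives.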