“Email Worm Spreading Fast” was the headline in the Minneapolis Star Tribune online yesterday. The latest email virus is out there – and I have been hit. As with the Sobig virus last summer, I have been targeted but not infected.
So, what does this mean? Well, the good news is that I do not have the virus. The bad news is that I received 100 infected email messages from 10:00 pm Monday to 6:00 am Tuesday. My virus checker (Symantec) catches the virus and deletes it from my inbox. However, I must manually approve (click OK for) each deletion. It doesn’t sound like a lot – but I have done it literally hundreds of times in the last two days!
What is this virus? I have seen this virus called Novarg and Mydoom. It arrives attached to an email message as a file with one of these extensions: .bat, .cmd, .exe, .pif, .scr, or .zip. The subject lines I have been seeing are results, status, test, and hi.
What does it do? If you get the virus, it can open a backdoor into your system, potentially execute arbitrary files, and allow a hacker to access your network resources.
How can I avoid the virus? First, get and/or update your virus checker. (I wrote an earlier Byte on this.) Second, never open unknown attachments. Even if you know the sender, don’t open anything unexpected or suspicious. The virus can disguise itself as a friend! In fact, many viruses (this one included) will grab random email addresses to put in the “sender” field of the email message. This does not mean that message came from that friend. Another nasty result is that if your email address has been grabbed – you will get email messages telling you that the message you sent had a virus or was undeliverable. This does not necessarily mean you have the virus or that the message came from your computer.
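Because the sender field is forged, a mail filter has to judge these messages by the attachment type and subject line described above, not by who they claim to come from. The Python sketch below is an added example, not part of the original post or any Symantec tool; the names `triage` and `build_sample` and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators taken from the post: attachment extensions and observed subjects.
RISKY_EXTENSIONS = {".bat", ".cmd", ".exe", ".pif", ".scr", ".zip"}
SEEN_SUBJECTS = {"results", "status", "test", "hi"}


def triage(raw_message: bytes) -> str:
    """Return 'quarantine', 'review' or 'deliver' for one raw message.

    The From header is ignored on purpose: the worm forges it.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    risky = []
    for part in msg.walk():  # walk() also reaches nested MIME parts
        name = (part.get_filename() or "").strip().lower()
        # Only the final suffix counts, so "document.txt.scr" is treated as .scr.
        if PurePosixPath(name).suffix in RISKY_EXTENSIONS:
            risky.append(name)
    if risky and subject in SEEN_SUBJECTS:
        return "quarantine"  # both traits from the post match
    if risky:
        return "review"      # risky type alone, e.g. a legitimate .zip
    return "deliver"


def build_sample(subject, filename=None) -> bytes:
    """Build a sample message (constructed test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = "friend@example.com"  # placeholder; a forged sender looks like this
    m["To"] = "me@example.com"
    m["Subject"] = subject
    m.set_content("see attachment")
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Hi", "document.txt.scr"), ("Quarterly numbers", "archive.ZIP"),
                        ("test", None), ("status", "notes.txt")]:
        print(f"{subj!r:22} {str(fname):18} -> {triage(build_sample(subj, fname))}")
```

A subject match alone is not treated as suspicious, since words like "test" and "hi" are common in ordinary mail.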
How can I avoid the email? I wish I knew. Yesterday I decided to play hooky and get hundreds of infected emails at the end of the day rather than 15 at a time throughout the day. On a tangential note – St. Paul’s ice palace is worth the trip.
For more information on the virus (including what to do if you are infected) check out the Symantec web site.