McAfee AVERT, het Anti-Virus Emergency Response Team van Network Associates, heeft een zogenaamd 'high-risk outbreak assessment' toegewezen aan het nieuwe Mydoom-virus.
Marius van Oers, van het Nederlandse onderdeel van McAfee AVERT, zegt het volgende over het virus: "Deze worm is zeer schadelijk en verspreid zich bijzonder snel: hij is nu al op alle continenten gesignaleerd. De worm verspreid zich via email, maar het onderwerp en de tekst in de email variëren, wat betekent dat mensen extra alert moeten zijn bij het openen van emails met attachments."
De remedie tegen het virus staat op de McAfee AVERT site http://vil.nai.com/vil/content/v_100983.htm. Gebruikers van McAfee Security antivirusproducten moeten hun systemen vanaf die pagina updaten.
Meer informatie vindt u in onderstaande virusalert. Als u nog vragen heeft, of met Marius van Oers wilt spreken, dan kunt u contact opnemen met Jurriaan Trommels op 020 530 4348 of via jurriaan.trommels@text100.nl.
Met vriendelijke groet,
Ezra van Tiel
Text 100 Public Relations
T: 020 530 4343
M: 06 1887 1641
E: ezra.vantiel@text100.nl
- PERSBERICHT -
Virus Alert: Network Associates(R) McAfee AVERT Places High Risk Outbreak Assessment on New W32/Mydoom@mm Worm
McAfee AVERT Announces Discovery of W32/Mydoom@mm Mass Mailer E-Mail Worm
BEAVERTON, Ore., Jan. 26 /PRNewswire-FirstCall/ -- Network Associates, Inc.
(NYSE: NET) the leading provider of intrusion prevention solutions, today announced that McAfee(R) AVERT(TM) (Anti-Virus Emergency Response Team), the world-class anti-virus research division of Network Associates(R), assigned a high risk outbreak to the recently discovered W32/Mydoom@mm, also known as Mydoom. Mydoom is a destructive worm that spreads via email as a binary attachment-making itself appear as if the attachment is a text file. The discovery of the virus was announced today by McAfee AVERT and has been found in as many as 25 companies and seen throughout Asia Pacific, Canada, Europe, Japan, Latin America and the United States.
Symptoms
Mydoom is an Internet worm that once activated opens Windows Notepad and fills it with nonsense characters. The worm then tries to spread via email and by copying itself to the shared directory for Kazaa clients, if they are present. Users should immediately delete any email containing the
following:
From: (Spoofed)
Subject: (Random)
Body of email: (Varies)
Attachment: Varies, but often arrives as an exe, .PIF, .CMD or .SCR in a ZIP archive that is 22,528 bytes
Pathology
After being executed, Mydoom emails itself out as an attachment with the filenames c:\Program Files\KaZaA\My Shared Folder\activation_crack.scr, c:\WINDOWS\Desktop\Document.scr and c:\WINDOWS\SYSTEM\taskmon.exe. The icon used by the file tries to make it appear as if the attachment is a text file. Mydoom also uses a DLL that it creates in the Windows System directory c:\WINDOWS\SYSTEM\shimgapi.dll. It then creates a registry entry to hook Windows startup at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\_CurrentVersion\Run "TaskMon"
= %SysDir%\taskmon.exe. Mydoom opens a connection on TCP port 3127 suggesting remote access capabilities.
Cure
Immediate information and cure for this virus can be found online at the Network Associates McAfee AVERT site located at http://vil.nai.com/vil/content/v_100983.htm . Users of McAfee Security anti-virus products should update their systems from that page.
Network Associates McAfee(R) Protection-in-Depth(TM) Strategy delivers the industry's only complete set of system and network protection solutions differentiated by intrusion prevention technology that can detect and block these types of attacks. This allows customers to protect themselves while they plan their patch deployment strategy.
AVERT Labs is one of the top-ranked anti-virus research organizations in the world, employing more than 90 researchers in offices on five continents.
AVERT protects customers by providing cures that are developed through the combined efforts of AVERT researchers and AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.
About Network Associates
With headquarters in Santa Clara, California, Network Associates, Inc.creates best-of-breed computer security solutions that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats. Offering two families of products, McAfee System Protection Solutions, securing desktops and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate network, Network Associates offers computer security to large enterprises, governments, small and medium sized businesses, and consumers.
For more information, Network Associates can be reached at 972-963-8000 or on the Internet at http://www.networkassociates.com/ .
# # #
Voor meer informatie:
Jurriaan Trommels
Text 100 Public Relations
T: 020 530 4348
E: jurriaan.trommels@text100.nl
NOTE: Network Associates, McAfee, AVERT and Sniffer are either registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners.