I have just seen emails (several different kinds) pretending to be sent
from 3 of my isp domains to users of those domains warning users that
their email account would be disabled and asking to open a .pif attachment.
I know largest ISPs probably have experienced this but I believe what I
have seen today means they are after ISPs (or possibly just after any
domains with number of email addresses under them) of all sizes right at
the moment. All emails we received from the same source ip - 129.59.206.187
Please check your email base for what looks like the following
(in the examples I changed everything to elan.net, actually every isp
domain received different example of this, only first one is exact).
Erm is it me or are the writers of Bagle and Netsky determined to keep morphing
their code to outwit the virus scanners.. is this a new trend in virus writing -
beat the systems by evolving your code quicker than the security firms can
release updates?
> Erm is it me or are the writers of Bagle and Netsky determined to keep morphing
> their code to outwit the virus scanners.. is this a new trend in virus writing -
> beat the systems by evolving your code quicker than the security firms can
> release updates?
new trend in that it started only a decade ago?
Perhaps I'm only following this as it's affecting us more, but I don't recall a
time previously when I've had so many viruses hitting us and getting through our
scanners with nothing we can do about it. I don't recall seeing viruses with
variants as high as 'j' before, especially in the relatively short time since
the previous variants were out.
Seriously, drop some references if I'm off-track.. it's just my perception and
I'm not an expert at all with viruses...
It has gotten to the point for me that I am looking for a whitelisting option on my firewall/a-v gateway instead of a blacklisting one for attachments.
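Added example, not part of any post in this thread: a sketch of the allowlist-versus-blocklist difference for attachments, run against a constructed message like the `.pif` ones described at the top. The extension sets, addresses and function names are assumptions chosen for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy values for this example; not taken from the thread.
BLOCKED_EXT = {".exe", ".scr", ".vbs"}           # blocklist that never learned about .pif
ALLOWED_EXT = {".txt", ".pdf", ".png", ".jpg"}   # allowlist of types users actually exchange

def final_ext(filename):
    """Last suffix of the name, lower-cased, after trimming trailing dots and spaces."""
    name = (filename or "").strip().rstrip(". ").lower()
    return PurePosixPath(name).suffix

def attachment_names(msg):
    """File names of every attachment part (None when a part carries no name)."""
    return [part.get_filename() for part in msg.iter_attachments()]

def blocklist_verdict(msg):
    """Reject only what is explicitly listed; anything new passes."""
    bad = any(final_ext(n) in BLOCKED_EXT for n in attachment_names(msg))
    return "reject" if bad else "accept"

def allowlist_verdict(msg):
    """Accept only what is explicitly listed; unknown or unnamed parts fail closed."""
    ok = all(final_ext(n) in ALLOWED_EXT for n in attachment_names(msg))
    return "accept" if ok else "reject"

def build_sample(filename):
    """Constructed test message; all header values are placeholders."""
    msg = EmailMessage()
    msg["From"] = "support@example.net"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Your email account will be disabled"
    msg.set_content("See the attached file.")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg

if __name__ == "__main__":
    for name in ("details.pif", "readme.txt.pif", "notes.txt"):
        m = build_sample(name)
        print(name, "blocklist:", blocklist_verdict(m), "allowlist:", allowlist_verdict(m))
```

The check looks at the file name only; a gateway would normally pair it with content-type inspection, since a name is sender-controlled.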
> I have just seen emails (several different kinds) pretending to be sent
> from 3 of my isp domains to users of those domains warning users that
> their email account would be disabled and asking to open a .pif
> attachment.
> I know largest ISPs probably have experienced this but I believe what I
Sorry to tell you but this has been around for some time. I was the target -
not a victim - of three of these letters since last year. Naturally I didn't
believe it and warned my ISP what was happening. They have, since, updated
their web page to reflect this but unfortunately haven't done the right
thing and emailed the users.
New variants of MyDoom, Bagle and Netsky arrive in quick succession as the
battle to control infected computers heats up.
Sophos has issued alerts this morning for MyDoom-G and H, Bagle-J and K
and Netsky F.
The worms are fighting for the control of infected computers which the
virus writers can use for their nefarious activities. Bagle-J contains the
text 'Hey,NetSky, [expletives removed], don't ruine our bussiness, wanna
start a war?'
'You wish that they would have this slagging match on a message board or
in a dark alley, rather than on the Internet,' said Graham Cluley, senior
technology consultant for Sophos. 'It's like an argument where everyone
wants the last word.' So the flood of viruses doesn't look likely to end
any time soon.
The text in Bagle-J supports the theories of antivirus companies that
virus writers are being given a financial incentive to write these worms -
perhaps by spammers who can send their emails through the infected
machines.
And indeed previous variants of Bagle and Netsky remove evidence of
infection by their rivals
..."
Security analysts are asking themselves whether the wave of malicious
worms that began traversing the Internet Friday and continued their blitz
Tuesday was a coordinated attack or mischievous coincidence.
No question it has been a deluge of worms. Seven variations of Bagle and
two of Netsky surfaced in the last five days. Was the flood just
happenstance? Or was there something more devious behind the surge?
The answer, said security experts, is a bit of both, with some fighting
over hacker turf thrown in for good measure
..."