
Novarg/MyDoom question...

Discussion in 'Off Topic [BG]' started by Andy Daventry, Feb 11, 2004.


  1. I keep getting MyDoom mails - a couple every day. This is no problem as I recognise the 31 kb files and delete them without opening. However, now I also keep getting mail server replies from various domains saying that mails I have sent have been deleted as they carry MyDoom or Novarg attachments.

    I recognise none of the e-mail addresses that I allegedly sent mails to, and my sent mail file does not show these mails...in fact I did not send these mails. Does anyone know what is going on? Is this something I should be worried about?
     
  2. JMX

    JMX Vorsprung durch Technik

    Sep 4, 2000
    Cologne, Germany
    They're fake and have mydoom in it, disguised as "your email that gets sent back to you". Delete them too.
     
  3. But they are not big enough and don't have attachments....
     
  4. JMX

    JMX Vorsprung durch Technik

    Sep 4, 2000
    Cologne, Germany
    Hm, all I know is that I got one, and it was infected. I don't remember the size, but it was fairly small.

    If you don't know 'em, delete 'em.
     
  5. What worries me is the possibility that somewhere my e-mail is being used as a spoof addy. My computers are mydoom free and I use web based e-mail anyway, so.....
     
  6. Bruce Lindfield

    Bruce Lindfield Unprofessional TalkBass Contributor Gold Supporting Member

    I get the same thing - they are fakes, but presumably you have a virus checker programme, which has automatically removed the virus which was all there was apart from the misleading header - that's why it's so small - or at some point an anti-virus programme has removed it - maybe it went through a firewall?

    I think this confusion is what they are relying on, to spread the virus!! :meh:
     
  7. Petebass

    Petebass

    Dec 22, 2002
    QLD Australia
    I just spent money getting a computer guy to educate me on these things:-

    Look into Norton Internet Security. Not only does it intercept viruses, it has a good spam filter and a firewall to stop hackers. It also has a form of spybot that stops trojans and dialers from ending up in your registry.

    Or, download Mailwasher. It's free and it lets you filter your emails before you download them. Delete anything that looks fishy.

    It's also a good idea to run Adaware occasionally.
     
  8. MJ5150

    MJ5150 Terrific Twister

    Apr 12, 2001
    Lacey, WA
    Looks to me like you already have the virus on your system.

    -Mike
     
  9. Josh Ryan

    Josh Ryan - that dog won't hunt, Monsignor. Staff Member Supporting Member

    Mar 24, 2001
    It could easily be what JMX said. His email was probably culled from one of his contacts' address books.
     
  10. Josh Ryan

    Josh Ryan - that dog won't hunt, Monsignor. Staff Member Supporting Member

    Mar 24, 2001
    As a computer guy, I can say that what your computer guy told you will work. If you prefer you can sub spybot for adaware and sub Agnitum and AVG for Norton.
     
  11. JMX

    JMX Vorsprung durch Technik

    Sep 4, 2000
    Cologne, Germany
    IIRC when I saved the email on my desktop and opened it I got a data.zip file, unzipped it gave me a .MSG file, when I opened that in The Bat I got an "empty" email with the mydoom virus.
     
  12. Three different situations.

    1. Mails that are around 31kb and have an attachment. They say 'Hi' or similar, and are the 'classic' myDoom vehicle.
    2. Messages which claim to be returns of undeliverable e-mails. These, as JMX notes, are another way of spreading the trojan.
    3. Standard, automatic returns from ISPs or corporate mailservers informing of a virus and showing the total routing of the mail. Normally 1 or 2 kb at the very most, no attachment.

    I have got a couple of type threes. These servers seem to have received mails ostensibly from me, and responded to them informing me that the message has been deleted and MyDoom found. However, I did not send the messages in the first place.

    I know my system is MyDoom free because I have NAV completely up to date, I have also run the Symantec removal tool on my machines, I use a firewall and there has been no activity through the ports MyDoom uses for its DoS or backdoor entry.

    So my theory is that my addy is going out as a spoof from somewhere else.

    I don't use outlook or any other mail client. I keep my mail on the server and access through http.
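
The three situations listed in post 12, written as a mailbox triage check. This is an added example, not part of any poster's message: the header markers and the sample messages are constructed assumptions, and only the 2 kb ceiling and the attachment distinction come from the post.

```python
from email import message_from_bytes
from email.message import EmailMessage

NOTICE_MAX_BYTES = 2 * 1024  # the post: "1 or 2 kb at the very most"
# Assumed markers of a mail that presents itself as a return or virus notice.
BOUNCE_MARKERS = ("mailer-daemon", "postmaster", "undeliverable",
                  "returned mail", "virus")

def classify(raw: bytes) -> int:
    """Return 1, 2 or 3 for the post's three situations, 0 for anything else."""
    msg = message_from_bytes(raw)
    # Any MIME part with a filename counts as an attachment.
    attached = any(part.get_filename() for part in msg.walk())
    headers = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    bounce = any(marker in headers for marker in BOUNCE_MARKERS)
    if bounce and attached:
        return 2  # claims to be a returned mail but carries a file
    if bounce and len(raw) <= NOTICE_MAX_BYTES:
        return 3  # small server notice, no attachment
    if attached and not bounce:
        return 1  # unsolicited mail with an attachment (post cites ~31 kb)
    return 0      # ordinary mail, or a notice too large to match type 3

def build(sender, subject, body, attachment_size=0) -> bytes:
    """Construct a sample message; the attachment is inert zero bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "me@example.com", subject
    m.set_content(body)
    if attachment_size:
        m.add_attachment(bytes(attachment_size), maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()

# Constructed samples, one per situation plus an ordinary mail.
SAMPLES = {
    "type1": build("someone@example.com", "Hi", "Hi", 22000),
    "type2": build("MAILER-DAEMON@example.net", "Returned mail", "See file.", 22000),
    "type3": build("postmaster@example.org", "Virus found in message you sent",
                   "The message was deleted."),
    "plain": build("friend@example.com", "Rehearsal Friday", "Seven o'clock?"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {len(raw)} bytes -> situation {classify(raw)}")
```

Types 1 and 2 are the ones to delete unopened; a type 3 result means a remote scanner answered a message bearing this address, which says nothing about the state of the recipient's own machine.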
     
  13. Bruce Lindfield

    Bruce Lindfield Unprofessional TalkBass Contributor Gold Supporting Member

    Your address could easily be on somebody else's PC who has been infected!