This weblog is no longer being maintained. All information here has been ported to EclecticEchoes.com. This site (heupel.com/eclectic) remains only for archival purposes.
Overview
The CERT/CC® has been receiving reports of a new mass-mailing virus known as W32/Novarg.A, W32/Shimg, or W32/Mydoom that has been reported to open a backdoor to the compromised system and possibly launch a denial-of-service attack against a web site at a fixed time in the future.
Description
The virus arrives as an email message with a 22,528-byte attachment that has a random filename with a file extension of .cmd, .pif, .scr, .exe, or .bat. The attachment may also arrive as a ZIP archive.
Some messages containing the virus have had the following characteristics:
Subject: <random>
From: <spoofed>
To: <email address>
Body: (The body has been reported to contain one of the following three messages.)
"The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
"The message contains Unicode characters and has been sent as a binary attachment."
"Mail transaction failed. Partial message is available."
In addition to the backdoor capabilities, the virus is also believed to have the capability to launch a distributed denial-of-service attack against a specific web site beginning on February 1, 2004. As with other malicious code having mass-mailing capabilities, W32/Novarg.A may cause “collateral” denial-of-service conditions in networks where either (a) multiple systems are infected, or (b) large volumes of infected mail are received.
Another one out in the wild…
For more information – not much more is available right now – check in with CERT/CC’s Incident IN-2004-01 page, which has links to updated virus databases for the major AV packages out there. They also have the normal recommendations (which still go unheeded!) for limiting exposure.
So everyone be sure to keep your digital prophylactics fresh and ready.
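An added example, not from CERT/CC or the original post: a Python check that scans a raw message for the indicators listed in the advisory text above (the attachment extensions, the 22,528-byte size, the three body phrases) and also looks inside ZIP attachments. The function names and the sample message are constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

# Indicators as listed in the advisory text quoted above.
EXTENSIONS = (".cmd", ".pif", ".scr", ".exe", ".bat")
PAYLOAD_SIZE = 22528
BODY_PHRASES = (
    "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.",
    "The message contains Unicode characters and has been sent as a binary attachment.",
    "Mail transaction failed. Partial message is available.",
)

def check_file(name, size, where, hits):
    if name.lower().endswith(EXTENSIONS):  # size only counts alongside a listed extension
        hits.append(f"{where}: listed extension")
        if size == PAYLOAD_SIZE:
            hits.append(f"{where}: {PAYLOAD_SIZE}-byte payload")

def scan_message(raw):
    """Return the advisory indicators matched by one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text = " ".join(body.get_content().split())  # undo line wrapping
        hits += ["body: advisory phrase" for p in BODY_PHRASES if p in text]
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        check_file(name, len(data), "attachment", hits)
        if data[:4] == b"PK\x03\x04":  # ZIP local-file header: look inside
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        check_file(info.filename, info.file_size, "zip member", hits)
            except zipfile.BadZipFile:
                hits.append("attachment: unreadable ZIP")
    return hits

def build_sample(filename, payload, body):
    """Constructed test message (zero-filled payload), not a captured sample."""
    m = EmailMessage()
    m.set_content(body)
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("doc.scr", b"\0" * PAYLOAD_SIZE, BODY_PHRASES[2])))
```

Subject and sender are not checked because the advisory describes them as random and spoofed.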
Arrrrrgggggggggghhhhhhhhhh.
It’s really a bit aggravating— I can’t find a happy combination of using UTF-8 and still having legal characters etc… I’ve tried UTFHack and turning off encode entities, as well as leaving entities on and using UTFHack. I just want a filter that will escape the XHTML / XML mandatory escaped characters (in other words &, <, and > (I know it doesn’t have to be escaped but for the sake of symmetry and all…)) and leave alone any Unicode I drop into any field in MT. Preferably a filter I can apply once per template, or better yet globally, then turn it off on a case by case basis. I would really like to talk about katagami, sashiko and shibori influences. Some of the references are Japanese (big surprise) and the websites don’t use Western European encoding for some reason. At least with Unicode I could present them properly….