Re: Having Hotmail problems? Please read.

From: PA Bear (PABear_at_mvps.org)
Date: 02/10/04 

Date: Mon, 9 Feb 2004 20:58:56 -0500

Yes, kinda/sorta. See
http://www.microsoft.com/security/antivirus/mydoom.asp and:

<paste>
[MS] PSS Security Response Team Alert - New Worm: W32/Mydoom.C
SEVERITY: MODERATE

DATE: February 9, 2004

PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail

**********************************************************************

WHAT IS IT?

Mydoom.C (also referred to as DoomJuice) is a variant of the Mydoom worm
that attacks and infects only those systems which are currently infected
with Mydoom.A. Customers who are not infected by Mdoom.A are not at risk
from Mydoom.C. Customers who are currently infected with Mydoom.B are
not at risk from Mydoom.C.

Mydoom.C also attempts to levy a denial of service attack against
Microsoft properties. All Microsoft proprerties are available and
stable. There is more information available at:

http://www.microsoft.com/security/antivirus/mydoom.asp

The Microsoft Product Support Services Security Team is issuing this
alert to advise customers to be on the alert for this virus as it
spreads in the wild. Customers are advised to review the information
and take the appropriate action for their environments.

IMPACT OF ATTACK: Denial of Service

TECHNICAL DETAILS:

For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:

Computer Associates:
http://www3.ca.com/virusinfo/virus.aspx?ID=38238

Network Associates:
http://vil.nai.com/vil/content/v_101002.htm

Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html

Trend Micro:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.A

For more information on Microsoft's Virus Information Alliance please
visit this link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/virus/via.asp
Please contact your Antivirus Vendor for additional details on this
virus.

PREVENTION:

Mydoom.C propegates only to system that are currently infected by
Mydoom.A by connecting on TCP port 3127. You can prvent infection by
Mydoom.C by blocking access to TCP port 3127 (Note: The Internet
Connection Firewall (ICF) in Windows XP blocks access to TCP port 3127
by default. In addition, you can prevent against infection by Mydoom.C
by ensuring that you are not infected with Mydoom.A, either by
preventing infection from Mydoom.A or by cleaning a system that has been
infected by Mydoom.A as quickly as possible.

To prevent infection from Mydoom.A:

Outlook 2000 post SP2 and Outlook XP SP2 include the most recent updates
to improve the security in Outlook and other Office programs. This
includes the functionality to block potentially harmful attachment
types. It can be configured to block Zip file attachments but does not
do so by default.

To ensure you are using the latest version of Office click here:
http://office.microsoft.com/ProductUpdates/default.aspx

By default, Outlook 2000 pre SR1 and Outlook 98 did not include this
functionality, but it can be obtained by installing the Outlook E-mail
Security Update. More information about the Outlook E-mail Security
Update can be found here:
http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

Outlook Express 6 can be configured to block access to
potentially-damaging attachments. Information about how to configure
this can be found here:
http://support.microsoft.com/?id=291387

Outlook Express all other versions: Previous versions of Outlook Express
do not contain attachment-blocking functionality. Please exercise
extreme caution when opening unsolicited e-mail messages with
attachments.

Web-based e-mail programs: Use of an application-level firewall can
protect you from being infected with this virus through Web-based e-mail
programs.

To clean a system infected with MydoomA:

If Mydoom.A has infected computers in your organization, please contact
your preferred antivirus vendor or Microsoft Product Support Services
for assistance with removing it.

You can also use the Mydoom recovery tool that is detailed in Microsoft
Knowledge Base article 836528 to remove the Mydoom.A and Mydoom.B worms
from your system.

RECOVERY:
If your computer has been infected with this virus, please contact your
preferred antivirus vendor or Microsoft Product Support Services for
assistance with removing it.

TECHNET SECURITY LINK:
http://www.microsoft.com/technet/security/virus/alerts/mydoomc.asp

If you have any questions, you should contact Product Support Services
in the United States at 1-866-PCSafety (1-866-727-2338). International
customers should contact their local subsidiary.

Thank you,

PSS Security
</paste>

mae wrote:
> It is probably related to this since it seems to be scattered:
> http://www3.ca.com/virusinfo/virus.aspx?ID=38238
> Win32.Doomjuice.A is a worm spreading through a backdoor installed by the
> Win32.Mydoom worms
> The worm launches a DoS (Denial of Service) attack on Microsoft.com
> starting February 8th
>
> mae
> ---------------------------------------------
> "PA Bear" <PABear@mvps.org> wrote in message
> news:uYVuZF37DHA.4060@tk2msftngp13.phx.gbl...
>> Posted at 6:59 PM ET, 09 Feb-04 in MSN Discussion newsgroup:
>>
>> "Just got off the phone with MSN Software tech support
>> regarding the host of issues they have been having (pages
>> not loading or loading slowly, DNS errors, CSS not
>> loading, pictures/video not loading, etc.). The tech
>> admitted that they currently have "server issues"
>> nationwide and they are working on it. There is no ETA
>> because they have no idea what the problem is. I did some
>> testing from various US, European and East Asian
>> locations and ended up with the same issues as described
>> above."
>> --
>> HTH...Please post back to this thread
>>
>> ~Robear Dyer (aka PA Bear)
>> MS MVP-Windows (IE/OE), AH-VSOP
>>
>> AumHa Forums
>> http://forum.mvps.org/
>>
>> Protect Your PC
>> http://www.microsoft.com/security/protect

Relevant Pages

  • Re: W32.swem.A@MM
    ... The 'swen' worm and its effects, ... there is not much you can do to stop the flood. ... e-mail for virus infection. ... the hotlinks in this message are valid Microsoft links, ...
    (microsoft.public.security.virus)
  • PSS Moderate Security Alert - New Worm: W32.Fizzer.A@mm
    ... Microsoft Outlook, Microsoft Outlook Express, and ... W32.Fizzer.A@mm is a mass-mailing worm. ... Services Security Team is issuing this alert to advise customers to be on ...
    (microsoft.public.security)
  • Security Alert: W32/Braid@mm
    ... PSS Security Response Team Alert - New Virus:W32/Braid@mm ... Microsoft Outlook, Microsoft Outlook Express, and ... Network Share Infection ...
    (microsoft.public.security)
  • Re: MICROSOFT IS SENDING ME VIRUSES!!!!!!!
    ... Microsoft is not sending you viruses. ... The 'swen' worm and its effects, ... e-mail for virus infection. ... I must empty my mailbox every 5 minutes, ...
    (microsoft.public.security.virus)
  • Re: Microsoft updates - possible virus?
    ... This worm has two main effects, ... the hotlinks in this message are valid Microsoft links, ... You can install all appropriate Microsoft security patches and Service ... you can proof your system against infection, ...
    (microsoft.public.security.virus)
Loading