- The message contains Unicode characters and has been sent as a binary
- Posted by Tanya on January 27th, 2004
hi,
this "The message contains Unicode characters and has been sent as a binary attachment" has arrived now 5 times today and to make matters worse,
from different domains
ezTrust and avg6 has cleared these....
they are smaller than 50 kbs (which i have set as the limit for
messages)
is anyone familiar w/ the body text?
any and all help is GREATLY appreciated
thanks!
p.s. they contain various .scr files and some .zips
THANKS!
- Posted by FromTheRafters on January 27th, 2004
"Tanya" <tjtmdREMOVE_THIS@attglobal.net> wrote in message news:4015EB30.9E7A3364@attglobal.net...
w32/mydoom@mm some call it a mimail variant.
- Posted by Heather on January 27th, 2004
"Tanya" <tjtmdREMOVE_THIS@attglobal.net> wrote in message
news:4015EB30.9E7A3364@attglobal.net...
I really hope you are not using TWO on-access antivirus scanners at the
same time......you are asking for conflicts if you are. It is OK to
have one of them as a manual scanner......but not both running all the
time.
Heather
- Posted by Tanya on January 27th, 2004
Heather wrote:
no i am NOT using 2 antiVirals on the same pc
ezTrust is on 1 and avg6 is on the others
the problem is that neither program is catching them
(multiple messages)
thanks
i guess for now i'll limit message sizes to < 20 kb
?
- Posted by Tanya on January 27th, 2004
FromTheRafters wrote:
thank you...
temporarily i guess it's enough to limit message size?
however these are originating from different domains (full header info)
(different ip addresses on the received lines etc)
and spam cop's "suggestions" (i.e. where to send reports to) all bounce
- Posted by Big Will on January 27th, 2004
w32.novarg.a@mm. It was released yesterday and is a category 4 mass mailing
worm that also is going to start doing DoS attacks on 1 Feb. 2004. Go to
http://securityresponse.symantec.com...varg.a@mm.html
for more information from Symantec.
--
William
If it don't work, hit it.
If it still doesn't work, kick it.
If it works after hitting it and kicking it, then it doesn't matter if
hitting it or kicking it helped, what's important is that it works.
"Tanya" <tjtmdREMOVE_THIS@attglobal.net> wrote in message
news:4015EB30.9E7A3364@attglobal.net...
- Posted by Big Will on January 27th, 2004
It also is known as mydoom and mimail
--
William
If it don't work, hit it.
If it still doesn't work, kick it.
If it works after hitting it and kicking it, then it doesn't matter if
hitting it or kicking it helped, what's important is that it works.
"Big Will"
<SpamWSpamiSpamlSpamlSpamBSpam4SpameSpamvSpaaaaame SpammityrSpam@nIdontlikeSp
ametzero.net> wrote in message news:4016e2ad$1@darkstar...
- Posted by Tanya on January 27th, 2004
Big Will wrote:
thanks,
i did read the symantec info (plus other sources)
i usually receive this kind of "program" from the same ip address / domain (with
the full header view) but so far i've gotten ~ 15 and they are from different
ips (full header)
i did not think that these were "smart" enough to change the received lines
etc... or that i know so many dumb people???
(i also read that this *worm* will stop sending itself on feb 12th???
thanks
sincerely
Tanya
- Posted by Big Will on January 27th, 2004
I don't know that it does forge the IP address, though. To be honest, I
don't know if that's possible without forging an entirely new received line
(which usually doesn't match to the next received by...from line). Who
knows, though. I suppose it's possible.
--
William
If it don't work, hit it.
If it still doesn't work, kick it.
If it works after hitting it and kicking it, then it doesn't matter if
hitting it or kicking it helped, what's important is that it works.
"Tanya" <tjtmdOMIT_THIS@attglobal.net> wrote in message
news:4016ECE5.8411D197@attglobal.net...
- Posted by s&w@none.none on January 27th, 2004
On Tue, 27 Jan 2004, "Big Will"
<SpamWSpamiSpamlSpamlSpamBSpam4SpameSpamvSpaaaaame SpammityrSpam@nIdontlikeS
pametzero.net> wrote:
You can only forge an entire Received: line, you can't forge the
originating IP in a valid Received: line.
The worm does, though, send a false EHLO that it gets from the domain of
the forged sender's address. That does show up in the first (lowermost)
Received: line.
MyDoom does not forge any Received: lines that I have seen in the 60 or so
emails that came to me.
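An added example, not part of the original thread: it reads the first (lowermost) Received: line described in the post above and compares the client-supplied HELO/EHLO name with the reverse-DNS name and IP address the receiving server recorded. It assumes a Postfix/sendmail-style line layout, `from HELO (rdns [ip])`; all host names and addresses are constructed samples.

```python
import re
from email import message_from_string

# Assumed layout: "from <helo> (<rdns> [<ip>]) by <server> ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)")

def first_hop(raw_message):
    """Parse the lowermost Received: line, written by the first server to accept the mail."""
    received = message_from_string(raw_message).get_all("Received", [])
    if not received:
        return None
    match = RECEIVED_RE.search(received[-1])
    if match is None:
        return None
    hop = match.groupdict()
    helo = hop["helo"].lower()
    rdns = (hop["rdns"] or "").lower()
    # The HELO name is whatever the client sent; the bracketed IP is what the
    # server saw on the connection. Heuristic: the two names should agree.
    hop["helo_consistent"] = rdns == helo or rdns.endswith("." + helo)
    return hop

def make_sample(helo, rdns, ip, sender):
    """Build a constructed message with one folded Received: header."""
    return (
        f"Received: from {helo} ({rdns} [{ip}])\n"
        "\tby mx.recipient.example with ESMTP id X1; Tue, 27 Jan 2004 10:00:01 -0500\n"
        f"From: {sender}\nSubject: hi\n\nbody\n")

# Constructed samples: two with a HELO copied from the forged sender's domain,
# arriving from unrelated addresses, and one consistent mail server.
SAMPLES = [
    make_sample("sender-a.example", "dsl-7.isp-one.example", "203.0.113.7", "bob@sender-a.example"),
    make_sample("sender-b.example", "cable-9.isp-two.example", "198.51.100.9", "amy@sender-b.example"),
    make_sample("mail.corp.example", "mail.corp.example", "192.0.2.25", "it@corp.example"),
]

def suspicious_hops(messages):
    """Return parsed first hops whose HELO name does not match reverse DNS."""
    return [hop for hop in map(first_hop, messages) if hop and not hop["helo_consistent"]]

if __name__ == "__main__":
    for hop in suspicious_hops(SAMPLES):
        print(hop["ip"], "announced itself as", hop["helo"], "but resolves to", hop["rdns"])
```

The bracketed IP of each flagged hop is the address to report to its network owner, whatever domain the From: line and HELO claim.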
- Posted by Big Will on January 30th, 2004
It sounds like Novarg, also known as MyDoom or Mimail. It's a category 4
mass-mailing worm that will start DoS attacks on Feb 1, and installs a
back-door program on ports 3127 through 3198. This worm should stop sending
itself on Feb 12, so by then you'll stop receiving those messages. Of
course, don't open attachments (even if they appear to be txt, cuz they're
probably double extensioned i.e. message.txt.exe), and if you have already,
then I suggest going to http://housecall.trendmicro.com. You could also
find more information about this worm at
http://securityresponse.symantec.com...varg.a@mm.html
--
William
If it don't work, hit it.
If it still doesn't work, kick it.
If it works after hitting it and kicking it, then it doesn't matter if
hitting it or kicking it helped, what's important is that it works.
"Tanya" <tjtmdREMOVE_THIS@attglobal.net> wrote in message
news:4015EB30.9E7A3364@attglobal.net...
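An added example, not part of the original thread: a filter on attachment file names rather than message size, covering the .scr files, the .zip files and the double extensions mentioned in the posts above. The extension list and the sample message are assumptions constructed for this example; the attachments contain only placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed block list of Windows executable extensions (not from the thread).
RISKY_EXT = (".scr", ".exe", ".pif", ".bat", ".cmd", ".com")

def risky_name(name):
    """Return why a file name is risky, or None if it is not."""
    base = name.lower().rsplit("/", 1)[-1]
    if not base.endswith(RISKY_EXT):
        return None
    stem = base.rsplit(".", 1)[0]
    return "double extension" if "." in stem else "executable extension"

def scan_attachments(raw_bytes):
    """List (name, reason) for risky attachments, looking inside .zip files too."""
    findings = []
    for part in message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if not name:
            continue
        reason = risky_name(name)
        if reason:
            findings.append((name, reason))
        elif name.lower().endswith(".zip"):
            try:
                payload = part.get_payload(decode=True) or b""
                members = zipfile.ZipFile(io.BytesIO(payload)).namelist()
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip"))
                continue
            for member in members:
                inner = risky_name(member)
                if inner:
                    findings.append((name + "/" + member, inner + " inside zip"))
    return findings

def build_sample():
    """Constructed message: a zip hiding a .scr, a .txt.exe, and a plain text file."""
    msg = EmailMessage()
    msg.set_content("constructed body")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt.scr", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="document.zip")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="message.txt.exe")
    msg.add_attachment("notes", filename="readme.txt")
    return msg.as_bytes()
```

Calling `scan_attachments(build_sample())` flags the archive member and the `.txt.exe` file and leaves `readme.txt` alone, independent of how small the message is.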
- Posted by Big Will on January 30th, 2004
LOL. forgot I replied to that already.
--
William
If it don't work, hit it.
If it still doesn't work, kick it.
If it works after hitting it and kicking it, then it doesn't matter if
hitting it or kicking it helped, what's important is that it works.
"Big Will"
<SpamWSpamiSpamlSpamlSpamBSpam4SpameSpamvSpaaaaame SpammityrSpam@nIdontlikeSp
ametzero.net> wrote in message news:401a9b4f$1@darkstar...
- Posted by Tanya on January 31st, 2004
well, that's better than no replies

sincerely
Tanya
Big Will wrote: