Attention Wynd and Deafwireless users...

[pinkster]

Out of curiosity, are you getting strange messages on your pagers? I keep getting messages from people I dont know, and the msg says,

"The message cannot be represents in a 7-bit ASCII encoding and had been sent as a binary attachment <attachment doc.zip removed>"

I got one from some random aol person, then another wynd user, and now another one from a yahoo user, but they're complete strangers! Are you having this problem? Do you know of any solutions?

Any feedback would be nice I know DW and Wynd kind of suck but lets not go off the point :P

 

[eternity]

The message cannot be represents in a 7-bit ASCII encoding and had been sent as a binary attachment <attachment doc.zip removed

Maybe that pager cant receive that attachment doc.zip --like your pager cant read it so it has to removed. I assume. I havent use my pager since it screwed up (oct) blah..

 

[gnarlydorkette]

o_O speaking of the devil.. I just deleted an email that is completely encrypted in strange codes and had an attachment to it.. and it was from a fellow Wynder. I refused to open it, who knows, it could be a virus.

(is checking her abandonded Wyndie pager)

Nada so far.

You can always report it to Wynd to check it out...

 

[Lasza]

Pinkster, You are not only one.
I received some emails from strangers with file attachment. *Puzzled*

 

[Dennis S.]

Those are a part of the newest virus making rounds on the internet. The person you see in the "from" address is SPOOFED (faked addresses being put in place of the person who really sent you the email).

What happened was that someone who has YOUR EMAIL ADDRESS IN THEIR ADDRESS BOOK got the virus! The virus then sent itself to everyone in their address book, putting someone else as the "from" (who is ALSO in their address book!) so you open the email going "huh? Who is this person? Why did s/he send me this email?" and BAM, you get the virus too!

On top of it all, the person you blame, because they "sent" it to you (their name is in the from: field) is virus free! Someone else who has both your email addresses in their address book has the virus, and no one can warn them because no one got the virus "from" them!

DELETE THOSE EMAILS ASAP if you get them on a regular computer! Wynd pagers are immune.... for now!

 

[Fly Free]

IMO Wyndtell sucks!!!!!!!

Wyndtell :rl:

 

[pinkster]

IMO Wyndtell sucks!!!!!!!

Wyndtell :rl:

Thats besides my point.

 

[pinkster]

Those are a part of the newest virus making rounds on the internet. The person you see in the "from" address is SPOOFED (faked addresses being put in place of the person who really sent you the email).

But the people I got the email from, I've never met before, let alone talked to or given my email addy to. =/

On a different note, I did a virus scan on my computer today and guess what showed up? The Trojan Horse! *grumbles* Working on it.. I hate viruses and I've been lucky enough to not have any run ins with any since i joined the internet world back in 96. This is my first run in, and it sucks and its stupid =/ However, my computer is apparently "OK" the virus was quarauntined, next step is to try and remove it. BLEH! Virus checkers = life savers!

 

[pinkster]

Ok, I was wrong, you're right.

http://www.cnn.com/2004/TECH/internet/01/28/mydoom.spreadwed/index.html

Security firm: MyDoom worm fastest yet

Wednesday, January 28, 2004 Posted: 4:41 PM EST (2141 GMT)


CNN) -- The MyDoom virus has become the fastest-spreading virus yet, hitting hardest in the United States and Australia, security firm MessageLabs said Wednesday.

The British firm, which provides security to companies around the globe, had intercepted more than 1.8 million copies of the new mass-mailer worm in 168 countries, a spokesman said.

More than 100,000 copies are being intercepted every hour, he added. One in 12 e-mails handled by MessageLabs was infected with the worm.

Sobig.F, which struck last August and had been regarded as the most devastating virus, had a peak infection ratio of 1 in 17 e-mails.

"MyDoom has surpassed Sobig.F as the fastest spreading mass-mailer ever," said David Banes, MessageLabs' Asia Pacific technical director.

FBI agents are investigating the source of the worm, also known as "W32/Mydoom.A-mm," "Novarg" or "WORM_MIMAIL.R."

And SCO Group, whose site has been bombarded with a Denial of Service attack by MyDoom, offered a $250,000 reward for "information leading to the arrest and conviction of those responsible for this crime."

"The perpetrator of this virus is attacking SCO, but hurting many others at the same time," SCO's head Darl McBride said. "We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped."

The message in MyDoom is sent as a binary attachment. It often arrives in a zip archive of 22,528 bytes and is represented by a text icon even though it is an executable file, which are renowned for carrying viruses.

While the body of the e-mail varies, it usually includes what appears to be an error message, such as: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."

"A text file icon leads people to believe it is innocuous," Banes said.

Sharon Ruckman, the head of anti-virus firm Symantec's security response team, agreed. "This one is almost begging you to click on the attachment," she said.

Banes cautioned e-mail users not to open suspicious attachments in unexpected e-mails as the worm takes over their computer, allowing hackers to use their machine to send out spam.

MyDoom is a mass-mailing worm that attempts to spread via e-mail and by copying itself to any available shared directories used by Web sites such as Kazaa.

 

[pinkster]

The worm harvests addresses from infected machines and targets files with the following extensions: .wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm and .txt.

It also tries to randomly generate or guess likely e-mail addresses to which to send itself.

Initial analysis by MessageLabs technicians suggests Mydoom opens a connection on TCP port 3127, an indication of a remote access component.

Virus experts suggest its author is a fan of the Linux open source community because the bug, which targets computers running Microsoft Windows, set off an attack aimed at bringing down SCO's site.

Utah-based SCO, which claims ownership over the UNIX operating system, alleges some versions of the Linux operating system use its proprietary code.

"The MyDoom worm takes the Linux Wars to a new intensity," said Chris Belthoff, an analyst for anti-virus firm Sophos.

"It appears the author of MyDoom may have taken the war of words from the courtrooms and Internet message boards to a new level by unleashing this worm which attacks SCO's Web site."

Web-monitoring firm Keynote said MyDoom slowed Internet performance significantly Monday afternoon, but by Wednesday many companies, made wiser by the SoBig worm, had activated new security plans to protect their computers, security analysts said.

The worm is contained in e-mails with random senders' addresses and subject lines.

When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself, opens a backdoor that could allow hackers to break in and, in some instances, installs a "keystroke" program that records everything being typed, including passwords and credit card numbers.

The worm is also spreading via popular Internet file sharing networks such as Kazaa, where it appeared with names such as "Winamp5" "ICQ2004-final."

Nullsoft's Winamp offers an MP3 music-playing tool and ICQ is a popular Web chat program.

The best thing to do to stop the spread of the worm, experts said, was to ignore or delete it. And to update anti-virus software.

After a relative lull in the number of viruses distributed during the holidays, anti-virus experts said last week's "Bagle" worm and now MyDoom were keeping Internet security gurus on their toes.

"The virus writers [are] ... back from vacation and they've started pushing out their creations," said Vincent Gullotto, who runs Network Associates' McAfee Anti-Virus Emergency Response Team.

CNN.com's Jeordan Legon contributed to this report.

 

[pinkster]

2nd part so its not so long..

The worm harvests addresses from infected machines and targets files with the following extensions: .wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm and .txt.

It also tries to randomly generate or guess likely e-mail addresses to which to send itself.

Initial analysis by MessageLabs technicians suggests Mydoom opens a connection on TCP port 3127, an indication of a remote access component.

Virus experts suggest its author is a fan of the Linux open source community because the bug, which targets computers running Microsoft Windows, set off an attack aimed at bringing down SCO's site.

Utah-based SCO, which claims ownership over the UNIX operating system, alleges some versions of the Linux operating system use its proprietary code.

"The MyDoom worm takes the Linux Wars to a new intensity," said Chris Belthoff, an analyst for anti-virus firm Sophos.

"It appears the author of MyDoom may have taken the war of words from the courtrooms and Internet message boards to a new level by unleashing this worm which attacks SCO's Web site."

Web-monitoring firm Keynote said MyDoom slowed Internet performance significantly Monday afternoon, but by Wednesday many companies, made wiser by the SoBig worm, had activated new security plans to protect their computers, security analysts said.

The worm is contained in e-mails with random senders' addresses and subject lines.

When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself, opens a backdoor that could allow hackers to break in and, in some instances, installs a "keystroke" program that records everything being typed, including passwords and credit card numbers.

The worm is also spreading via popular Internet file sharing networks such as Kazaa, where it appeared with names such as "Winamp5" "ICQ2004-final."

Nullsoft's Winamp offers an MP3 music-playing tool and ICQ is a popular Web chat program.

The best thing to do to stop the spread of the worm, experts said, was to ignore or delete it. And to update anti-virus software.

After a relative lull in the number of viruses distributed during the holidays, anti-virus experts said last week's "Bagle" worm and now MyDoom were keeping Internet security gurus on their toes.

"The virus writers [are] ... back from vacation and they've started pushing out their creations," said Vincent Gullotto, who runs Network Associates' McAfee Anti-Virus Emergency Response Team.

CNN.com's Jeordan Legon contributed to this report.