Latest computer worm spreading rapidly through EMS community

By JOHN HULTGREN

LOUISVILLE — If my inbox is a valid indicator, the latest computer worm is spreading rapidly throughout the Kentucky EMS community. The Novarg worm (also known as Mydoom) was first discovered last Monday and quickly became the fastest spreading electronic mail worm in history. It was estimated that one out of every nine e-mails sent world-wide Tuesday was infected with this worm.

Although the mass-mailing worm does not cause any harm to your computer or files, it does open up what could be used as a "backdoor" that others familiar with the worm could exploit to connect to your computer. The worm is designed to launch a denial of service attack starting Sunday against a company involved in a computer software lawsuit. The worm is designed to stop spreading on Feb. 12 (although the backdoor will remain open after that date). Microsoft has offered a $250,000 reward. Interestingly, the worm does not target any e-mail address that ends with edu.

The worm is overloading some e-mail systems and networks, and causing frustration for those who receive it or have to maintain network systems. The Kentucky EMS Connection is receiving over 700 infected e-mails daily, and STATCARE is currently averaging 224 infected e-mails received per hour. I am also receiving plenty of e-mails and phone calls from frustrated people trying to alert me of a possible infection.

However, this worm uses a technique called "spoofing", which hides the identity of the real sender of the infected e-mail message. A number of years ago, most computer viruses and worms did show the identity (in the form of a valid e-mail address) of the infected computer. Virus authors soon realized that this was inefficient. Now, most viruses and worms first scour your computer (not just your address book, but also computer files, including cached web pages) for e-mail addresses and then compose a list of the e-mail addresses found.

These viruses and worms can use their own e-mail engine to send the infected e-mails to everyone on this list, and they substitute a random e-mail address from the list as the sender. This makes it more difficult for the recipient to identify who actually is infected. And, as people who are not infected get notifications from their friends that they are sending the virus, they spend hours (and sometimes good money) trying to remove the non-existent infection from their computer (which I guess is an added bonus for the virus authors).

The Kentucky EMS Connection does not manage its own server, but the operating system used on that server is not a target of this worm. Computers used to manage the web site are protected against this worm and were never infected with it.

STATCARE does manage their own e-mail server, and that server has special server antivirus software that scans each e-mail as it is received or sent and removes any virus or worm found. One of STATCARE's servers checks periodically throughout the day for antivirus updates and automatically applies them to all servers and workstations throughout their office. If one of their computers were to become infected, monitoring software would automatically page me when unusual activity was noticed so that we could respond to the situation.

Here are some steps you can take to help:
For more information on this worm, visit

If you believe you are infected with this worm, there is a free removal tool that you can download from: http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@

Some viruses and worms may prevent you from connecting to selected servers (including updating your virus definitions, performing scans, or even disabling your antivirus software), so if you encounter difficulties, you may in fact have an infection. You may need to download the removal tool to a floppy disk from an uninfected computer.
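
Because of the spoofing described above, the From address on an infected message says nothing about which machine actually sent it. As an added example (not part of the original article), this Python script groups messages by the connecting IP that the receiving mail server recorded in the topmost Received header; the sample messages, addresses and the mx.example.org host are constructed, and the bracketed-IP header layout is an assumption about how the receiving server writes that header.

```python
import re
from email import message_from_string

# Bracketed IPv4 literal as many mail servers write it in Received headers.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def make(ip, sender):
    """Build a constructed sample message (documentation-range IPs only)."""
    return (f"Received: from host (unknown [{ip}])\n"
            f"\tby mx.example.org with SMTP; Tue, 27 Jan 2004 10:02:11 -0500\n"
            f"From: {sender}\nTo: editor@example.org\nSubject: hi\n\nbody\n")

# Constructed input: one host mailing under three different From addresses,
# and one ordinary correspondent.
SAMPLES = [
    make("203.0.113.45", "alice@example.com"),
    make("203.0.113.45", "bob@example.net"),
    make("203.0.113.45", "carol@example.org"),
    make("198.51.100.7", "dave@example.com"),
]

def connecting_ip(raw):
    """Return the IP in the topmost Received header, or None.

    Only the topmost header is used: it is the one added by our own
    server. Headers below it arrive with the message and can be forged.
    """
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    match = IP_RE.search(received[0])
    return match.group(1) if match else None

def suspects(raws, min_senders=2):
    """List (ip, distinct From count) for hosts using several identities."""
    senders_by_ip = {}
    for raw in raws:
        ip = connecting_ip(raw)
        if ip is None:
            continue  # no usable header; cannot attribute this message
        sender = message_from_string(raw)["From"]
        senders_by_ip.setdefault(ip, set()).add(sender)
    return sorted((ip, len(s)) for ip, s in senders_by_ip.items()
                  if len(s) >= min_senders)

if __name__ == "__main__":
    for ip, count in suspects(SAMPLES):
        print(f"{ip} sent mail under {count} different From addresses")
```

A host that shows up under many unrelated From addresses is the one to investigate, not the people named in those addresses.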