Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
January 2004
 Right Arrow
Su M Tu W Th F Sa
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    January 26, 2004 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    new W32/Mydoom or W32/Novarg
      W32/Beagle or W32/Bagle Worm
      Systems compromised via buffer overflow in DameWare


    W32/Mydoom or W32/Novarg
    added January 26

    On January 26, 2004, US-CERT began receiving reports of a new mass-mailing virus now known as W32/Novarg.A, W32/Shimg, or W32/Mydoom. It arrives as an email message with a 22,528-byte attachment that has a random filename with a file extension of .cmd, .pif, .scr, .exe, or .bat. The attachment may also arrive as a ZIP archive. This malicious code has been reported to open a connection on port 3127/tcp or port 3176/tcp. In addition to email propagation, the virus attempts to spread through peer-to-peer file sharing networks by copying itself into the default folder used by KaZaA to share files.

    US-CERT strongly encourages users to install and maintain anti-virus software. We also encourage users to exercise discretion when opening any email attachment.

    You may also wish to visit the US-CERT's computer virus resources page.


    W32/Beagle or W32/Bagle
    added January 20

    US-CERT has received reports of a new mass-emailing virus, referred to as "W32/Beagle" or "W32/Bagle". It arrives as an attachment to an email with the subject line of "Hi". The attachment is an executable file (.EXE) file with a file name consisting of a random sequence of characters. Upon opening the attachment, the virus scans certain files on the user's system collecting email addresses, then attempts to mail itself to all e-mail addresses it found. The FROM: address is spoofed to hide the identity of the sender. Additionally, the virus opens a port on the user's system (usually port 6777) which permits an attacker to gain access to the system.

    US-CERT strongly encourages users to install and maintain anti-virus software. We also encourage users to exercise discretion when opening any email attachment.

    You may also wish to visit the US-CERT's computer virus resources page.


    Systems compromised via buffer overflow in DameWare
    added December 26

    US-CERT has received reports of systems being successfully compromised via a remotely exploitable buffer overflow in the DameWare Mini Remote Control management package. This vulnerability is documented in VU#909678. Users are encouraged to upgrade to the newest version of the software from the DameWare site.

    If you have additional information about systems compromised using this vulnerability, please send email to cert@cert.org.