Community > Forum > General Support > W32.Mydoom.AL@mm

W32.Mydoom.AL@mm

Posted by: Sigurd - Sun Feb 06, 2005 2:31 am
Post new topic Reply to topic
 [ 4 posts ] 
W32.Mydoom.AL@mm 
Author Message
Moon Mission Member
Moon Mission Member
User avatar
Joined: Tue Jul 15, 2003 8:46 pm
Posts: 1215
Location: Kapellen, Antwerp, Belgium, Europe, Planet Earth, the Milky Way Galaxy
Post W32.Mydoom.AL@mm   Posted on: Sun Feb 06, 2005 2:31 am
I believe that someone who's active in this community made the W32.Mydoom.AL@mm worm virus (one of the many modified mydoom viruses)

What seemed to be a simple web worm that infected our site, it now seems it was more, it (and the person behind it) seems to have used our website (and a few others) as a server to start to distribute the virus/worm.

http://www.sarc.com/avcenter/venc/data/ ... al@mm.html

Downloads and executes a copy of Backdoor.Nemog.D from one of the following domains:
petrucciforum.com
ra-kbr.ru
ribaforada.net
stahlhammer.org
strikenet.us
sundayriders.co.uk
supermantv.net
xprizenews.org
yamamizuryu.org
foxalpha.com
frenchconnexion.org
hidden-agenda.co.uk
hooping.org
hypnobirthing.co.uk
idiotica.co.uk
imogenheap.co.uk
knutsfordcricket.co.uk
lancer.com.ru
newgenerationcomics.net
overcoming-x.org.ru

I tracked some files.. but I'm still not 100% sure we fixed it.
And 1and1 (hosting provider) sucks with detecting it or supporting us.
(if you ever chose webhosting, use ezoshosting, crystaltech etc or any other provider, but not 1and1).

If you have more info about this virus, or know what files it downloads from our webspace (I hope I deleted them all), please contact me ASAP with replying on this topic.

_________________
Heavier-than-air flying machines are impossible. - Lord Kelvin, 1892


Back to top
Profile WWW
Spaceflight Participant
Spaceflight Participant
User avatar
Joined: Mon Oct 04, 2004 4:27 pm
Posts: 72
Location: The Land of Hurricane Charley
Post    Posted on: Sun Feb 06, 2005 3:57 am
Not exactly the way you wanna see your site mentioned on someone else's site, huh?

Is this why there was an error connecting to here earlier?

Guess I'll be running a full set of virus/spyware scans before bed tonight.

Boy, I lose all phone and Net connection for almost a week, and things just get crazy while I'm away.. heh.

_________________
"Floating down the sound resounds around the icy waters underground.."


Back to top
Profile
Moon Mission Member
Moon Mission Member
User avatar
Joined: Tue Jul 15, 2003 8:46 pm
Posts: 1215
Location: Kapellen, Antwerp, Belgium, Europe, Planet Earth, the Milky Way Galaxy
Post    Posted on: Sun Feb 06, 2005 4:01 am
Yes, I disabled the forum a few hours back, cause I was making sure the forum had a clean copy that wasn't infected.

And don't worry, our site itself does not infect peoples computer who're using this website.
But it wasn't nice to know that the virus, used this webspace to download some components...
It's annoying not to be the server mannager itself... so nothing much we can do right now expect hoping that fixing all the things on our webspace is all that's needed (and hoping the server itself isn't screwed)... I hope to move this site to a diffrent webhosting company soon.

I'm planning to release a press release related to this later this week.

UPDATE, All problems fixed ;) so don't worry about anything.

_________________
Heavier-than-air flying machines are impossible. - Lord Kelvin, 1892


Last edited by Sigurd on Sun Feb 20, 2005 11:52 pm, edited 1 time in total.



Back to top
Profile WWW
Spaceflight Participant
Spaceflight Participant
User avatar
Joined: Mon Oct 04, 2004 4:27 pm
Posts: 72
Location: The Land of Hurricane Charley
Post    Posted on: Sun Feb 06, 2005 5:03 am
It's healthy paranoia to check after reading about something like this.

This PC (my secondary) has been infected by a website (swg.stratics.com) before. Switched to Firefox and haven't had much problem since, but I'm still somewhat paranoid about things after that.

_________________
"Floating down the sound resounds around the icy waters underground.."


Back to top
Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 
 

Who is online 

Users browsing this forum: No registered users and 3 guests


cron
© 2014 The International Space Fellowship, developed by Gabitasoft Interactive. All Rights Reserved.  Privacy Policy | Terms of Use