MyDoom.F Virus and Earlier

 
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Thu Feb 26, 2004 2:41 am    Post subject: MyDoom.F Virus and Earlier

This is a very serious matter. If you're running Abyss Web Server,
do not use port 1080, as this is a port that the virus will
connect on to allow an attacker onto your system. Please read!

NetCraft Report:

The newest version of MyDoom deletes Microsoft Word and Excel documents from a victim's hard drive, along with images and videos. MyDoom.F was discovered Feb. 20 and spread slowly at first, but is prompting increased warnings from security vendors as it begins to spread more widely.
Like its predecessors, MyDoom.F has its own SMTP engine and spreads through e-mail attachments, and is programmed to launch denial of service attacks on web sites. The DDoS component of MyDoom.F targets www.microsoft.com and www.riaa.com (the Recording Industry Association of America).

MyDoom.F also opens a backdoor on the victim's computer, using port 1080. Some analyses suggest that it also opens a backdoor on multiple ports between 3000 and 5000 and disables antivirus software.

Widespread awareness of MyDoom-related threats has focused fresh attention on the basics of e-mail security, particularly regarding the opening of attachments. That should work to check the spread of MyDoom.F, as will its more destructive payload, which makes it harder for the malware's activity to go unnoticed for very long on compromised machines.
------------------------------------------------------------------------------------

Norton has developed a removal tool if you do have this
virus, and it will delete all files that relate to the MyDoom virus.

Click Here

If you would like a free copy of my Norton Internet Security,
then I will be more than happy to let you download it. Otherwise,
download some free firewalls from download.com and
webattack.com.

-------------------------------------------------------------------------------------

I POSTED THIS BECAUSE I JUST FOUND OUT ABOUT THIS VIRUS ON
NETCRAFT.COM AND I'M WARNING YOU ABYSS USERS TO BLOCK PORT
1080 AND TO ONLY LEAVE THE PORTS THAT YOU NEED OPEN.

-------------------------------------------------------------------------------------
Tip for detecting this nasty virus!
-------------------------------------------------------------------------------------

Microsoft Windows:

Right click in the START menu and click on TOOLS ->
FOLDER OPTIONS and click on the VIEW tab and
disable "Hide Extensions For known File Types".
That way you can detect a double extension. 8)

Windows 98 and earlier
already show extensions.

-------------------------------------------------------------------------------------

P.S. Are the ports that I don't want forwarded automatically
blocked if they're not in the port forwarding list on my router? :?


Last edited by TRUSTAbyss on Thu Feb 26, 2004 4:46 am; edited 2 times in total
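
An added example (not part of the original posts, and not NetCraft or Norton code): one way to check a Windows machine for TCP listeners on the ports the quoted report mentions, by parsing English-language `netstat -ano` output. The sample text, PIDs and function names are constructed for illustration.

```python
# Added example: flag TCP listeners on the ports the quoted report mentions
# (1080, and the 3000-5000 range that "some analyses" suggest).
# SAMPLE is constructed text in the layout of Windows `netstat -ano` output.

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2216
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2216
  TCP    192.168.1.10:4321      203.0.113.5:80         ESTABLISHED     900
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:1080           *:*                                    2216
"""

def is_reported_port(port):
    """True for port 1080 or any port in the 3000-5000 range."""
    return port == 1080 or 3000 <= port <= 5000

def suspicious_listeners(netstat_text, expected_pids=()):
    """Return sorted (port, pid) pairs for TCP LISTENING sockets on reported ports.

    expected_pids: PIDs of services you deliberately run on such a port
    (for instance a web server configured on 1080); these are skipped.
    """
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows lack a State column and are ignored.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        if state != "LISTENING" or not pid.isdigit():
            continue
        port_text = local.rsplit(":", 1)[-1]  # handles 0.0.0.0:80 and [::]:80
        if not port_text.isdigit():
            continue
        port, pid = int(port_text), int(pid)
        if is_reported_port(port) and pid not in expected_pids:
            hits.add((port, pid))
    return sorted(hits)

if __name__ == "__main__":
    for port, pid in suspicious_listeners(SAMPLE):
        print(f"TCP listener on port {port}, PID {pid}: identify the owning process")
```

A hit only means something is listening there; the PID column lets you confirm whether it is a service you configured yourself or a process you do not recognise.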
iNaNimAtE

Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.

Posted: Thu Feb 26, 2004 2:47 am    Post subject:

Thanks for the update!

To answer your question, yes, if you do not specifically forward a port to an internal IP address, then it is automatically blocked.

Is there a way to block IP addresses/ports on Norton Internet Security? Or should I use Kerio Personal Firewall?

EDIT: I noticed a little option that should be fixed in Norton Internet Security. At the main summary screen, select "Options>Internet Security," and under the "Firewall" tab, remove port 1080 from the list. That should probably help with this virus.
_________________
Bienvenidos!


Last edited by iNaNimAtE on Thu Feb 26, 2004 2:55 am; edited 1 time in total
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Thu Feb 26, 2004 2:49 am    Post subject:

Yes there is, Norton has everything and it's not
warez because it's my own personal copy. 8)

Edit: Removing port 1080 from the
most common internet ports in
that list will protect you even more.
iNaNimAtE

Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.

Posted: Thu Feb 26, 2004 3:35 am    Post subject:

How do you do it then?
_________________
Bienvenidos!
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Thu Feb 26, 2004 4:36 am    Post subject:

Click on Personal Firewall -> Advanced -> General Setting and
add a record for port 80 for your web server, TCP UDP port 80.
You get the picture. Good luck! 8)
Anonymoose

Joined: 09 Sep 2003
Posts: 2192

Posted: Thu Feb 26, 2004 9:51 am    Post subject:

It doesn't matter if you're running Abyss on 1080, MyDoom doesn't attack webservers, it only connects to a backdoor created by itself. You might see some weird traffic in your logs but there's certainly no danger in leaving Abyss running on that port. Also, there's no need to allow UDP traffic for the server, only TCP.

Oh, and as before, stop offering warez downloads on the forum. :evil:
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Thu Feb 26, 2004 9:58 am    Post subject:

I was told it's TCP and UDP :?

Well, just to be safe, I blocked port
1080 on my Personal Firewall. 8)

If that is warez, lending someone a copy
from my Norton CD, I'm sorry, OK :(
some random person

Joined: 06 Oct 2003
Posts: 128
Location: I live here! At my house!

Posted: Fri Feb 27, 2004 3:20 am    Post subject:

I don't think it's warez, but it is definitely not legal... As for the virus, I don't have anything to lose really. It sure would be annoying, but I don't have anything important...
_________________
New image coming soon...

Image hosted by abyss powered website
Image copyright some random person (I made it......)
Abyss > Apache (Meaning abyss is better than apache)
My site powered by abyss->(Undergoing construction)