
jblo_thewormgame-1.swf email = mydoom??

drag

Elite Member


My roommate recently has been afflicted with the mydoom worm. (I fought with them to get a virus scanner installed, which they did, but got lazy and let the subscription run out, so no updates. And voila! A nasty little infection. Hope they learned their lesson, (I probably just won another Linux convert.))

Right now I am trying to determine the exact method that she got infected with it.


Like many other females she likes to converse with her girl buddies over e-mail and they like to forward cute pictures and little games to each other.

Well her computer started going south quickly so we disconnected it from the network and began trying to figure out what was going on. It had the signs of a nasty infection. (i.e. crashing, virus scanner failing, lost e-mails etc etc)

Well I (at work, talking her thru this stuff over the phone) found out that she got this email from her friend that has been forwarded over and over again and it has an attachment called jblo_thewormgame-1.swf. She said that she saved it to the desktop, double-clicked on it and it simply asked for what program she wanted to open it up with, she didn't know what to use so she canceled it.

I did the same thing again with her to see if it was a real game or not (after we figured the OS was infected with SOMETHING..), and tried to open it using IE.

It came up "Loading loading..." etc etc. and then she noticed a new notepad icon on her desktop with a random dkslllasdfad-style name. We opened it up and looked at it and it was full of the kind of stuff that is a telltale sign of MyDoom.

So anybody know anything about this jblo_thewormgame bad-boy? I just want to find out exactly where this worm came from.
 
Originally posted by: n0cmonkey
Haven't seen it. I don't get viruses. All of my friends do. I'm not in enough address books I guess 🙁

Well that's just too bad. You're not popular or accepted by others until you get at least 3 or 4 viruses in your inbox a month. 😛
 
Originally posted by: drag
Originally posted by: n0cmonkey
Haven't seen it. I don't get viruses. All of my friends do. I'm not in enough address books I guess 🙁

Well that's just too bad. You're not popular or accepted by others until you get at least 3 or 4 viruses in your inbox a month. 😛

<--SAME HERE🙁

NO WUV FOR MME
 
Me too, but I suspect it is because I edumacated ( read: mercilessly verbally beat the Sh!t out of) anyone who either:
A: forwards me joke crap spam, or email this to ten of your friends crap spam.
B: did not protect their computers with up to date virus protection.

Either way, no loss!
 
Originally posted by: drag
So anybody know anything about this jblo_thewormgame bad-boy? I just want to find out exactly where this worm came from.
Yup, sounds like MyDoom or a variant, as you suspect. Where did it come from? Either as an email attachment or through Kazaa. AFAIK, those are the only two transmission methods. Once it gets there, somebody has to open it manually - so no clever vulnerabilities or exploits, just typical human stupidity.

 
Isn't swf Flash? Would be suckeh if they managed to write a Flash virus 'cause you'd be able to place it on any website.
 
Bah. I finally got a chance to look at the computer in person, instead of over the phone.

Turns out:

1. The swf file isn't dangerous. When you do "open with" IE it doesn't play automatically; you have to right click on the "loading" part and select play.

It's just a stupid April Fools joke swf.

2. The file with the email address was a "csv" for comma separated values. It was exported from OE in a failed attempt to recover the information from lost e-mails (you know she used OE as a recorder for her correspondence and had important info stored on it... with no backups)

In OE6 you go to file ---> export ---> address book ---> export as comma separated values.

3. There was no "mydoom" virus. The only things that were on there were the normal swicer/JOL type crap that you get from normal use of IE and Windows. Nothing special.

Using the "stinger" trojan scanner from McAfee I didn't find anything.

4. The misbehavior and lost e-mails were just normal w2k crappiness.


Sorry for the false alarm. My bad. 🙁
 