OT: Win32/Mywife.E@mm

Billy A. Pumphrey bpumphrey at WoodMacLaw.com
Mon Feb 6 15:16:45 GMT 2006


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jim Holland
> Sent: Saturday, February 04, 2006 8:27 AM
> To: MailScanner discussion
> Subject: RE: OT: Win32/Mywife.E at mm
> 
> Someone wrote:
> 
> > > > Naturally as long as everything is up to date things should be ok.
> > > > People don't really know that a virus is going to happen before it
> > > > does do they?
> 
> > > Only if the bug has a timer/date trigger in them.  They get installed,
> > > then lie in wait, and BAM do nasty things later.  Once detected early,
> > > we effectively reverse engineer the virus code, know that the virus will
> > > trigger in the future, thus know it's going to happen before. Once users
> > > update their scanning softs they can be assured the bug will be
> > > eradicated before they trigger.
> 
> > > The media is a funny animal, they latch onto these bugs seemingly at
> > > random, spreading doom and gloom, when we techs know that new bugs are
> > > a daily occurrence, and are quickly and quietly squished by anti-virus
> > > community.
> 
> Of course the media loves to hype these things, but I think that this was
> a valid case for some extra attention.  Not only was the worm particularly
> destructive (just one single infected machine on a network could have
> destroyed all files in a shared folder on a file server that the machine
> had access to), but early copies did manage to get through the virus
> scanners and MailScanner itself.  I have not come across that situation
> since the Bagle worm with its password-protected zip files.
> 
> Because we log the attachments that are sent to users we were able to
> determine that 6 of our 2500 members had received copies of the virus in
> uuencoded form.  One of those 6 then opened the attachment with WinZip and
> got infected as a result.  Fortunately we were able to clean up their
> infection before Friday, so no damage was done.
> 
> I think the media hype was a useful wakeup call to ordinary users to get
> them to update their antivirus software and to keep backups on separate
> media.
> 
> Regards
> 
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
> 

Good call and thanks for the responses guys.

