Slashdot Mirror


Evaman Worm Attacks Email Servers

An anonymous reader writes "CoolTechZone is reporting that the mail servers of various popular email services such as Hotmail and Yahoo are bogged down with a new worm, code-named Evaman. The headings are common to the ones users encounter every day in their inbox - "Failed Transaction" or "Delivery Failure". This worm has the potential to take control over Windows 95, 98, ME, 2000, XP, NT, and Windows Server 2003."

10 of 182 comments

  1. Sweet Zombie Jesus by linzeal · Score: 5, Informative

    This is not a Microsoft exploit, just a trojan that targets MS products. What is the world coming to when I can't get my machine rooted without the work of logging into a free email service to check my pr0n mail?

    1. Re:Sweet Zombie Jesus by sploo22 · Score: 5, Informative

      Not only that, but despite the headline, it doesn't attack the email servers in any way whatsoever, other than sending itself through them like every other email worm.

      --
      Karma: Segmentation fault (tried to dereference a null post)
  2. Better Version by BenBenBen · Score: 5, Informative

    If you want the Symantec release re-written by someone who knows what they're talking about, look here.

    "Evaman occupies a false email address" doesn't fill me with respect for CoolTechZone's credentials.

    --
    The Slashdot Paradox: "100% Overrated"
  3. A clearer description of Evaman by ofdm · Score: 5, Informative

    Rather than reading a journalist's munged interpretation of what Symantec said, you can look at Symantec's original statement.

  4. Hype by Lumpish Scholar · Score: 5, Informative

    The article says, "The security firm, Symantec, has given this worm a critical warning and states that this worm could be as dangerous as the MyDoom virus." Funny, Symantec's description isn't nearly so dire: "Threat containment: Easy; Removal: Moderate."

    --
    Stupid job ads, weird spam, occasional insight at
  5. Low Profile According to McAfee... by pdaoust007 · Score: 5, Informative

    Some good additional available here

  6. Re:So, windows is affected by a worm? by darkmeridian · Score: 5, Informative

    I run XP extensively because SofTest and TimeMatters aren't available for Linux yet. = ) I have never been directly infected by a worm or virus because I have Windows Update automatically update itself every week, as well as LiveUpdate for Symantec 2004.

    The truth is that the OS is only as safe as the user. The people using Linux are that much more advanced than those using Windows, so that is why there aren't that many Linux bugs (as well as the marketshare argument.)

    Yes, Linux is more secure by design, but Debian had its server rooted a few months ago, didn't they? And they presumably know what they are doing.

    It's kind of like driving a car. You can buy the safest car on the road, but if you are going to change lanes without checking out your blind spot, well, it doesn't matter, does it?

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  7. Re:Wow.. monday already? by Anonymous Coward · Score: 1, Informative

    No - Windows runs most of the *desktops* though in the world. This virus targets the actual desktop machine, not the server at all.

  8. Better Versions by TubeSteak · Score: 5, Informative

    If you want the Symantec release re-written by someone who knows what they're talking about, look here.

    "Evaman occupies a false email address" doesn't fill me with respect for CoolTechZone's credentials.

    And in the spirit of good journalism, wouldn't you think CoolTechZone would want to link to Symantec or directly to the advisory? And not just CoolTechZone, but CmdrTaco too. Was the news that CoolTechZone reported this, that Symantec reported this or that there's a new worm out? As the news spreads, so does the crummy reporting, this time from The Inquirer. They don't link to Symantec either & have winning lines like "If users are dumb enough to open the attachment".

    Okay, fine, users are dumb. How about we give them a slight break in this case? Failed deliveries are far enough out of most people's 'normal' e-mail experience that I can understand why they'd read the message. No it doesn't excuse opening anything with .scr, but txt.scr, html.scr, outlook.scrtxt.exe might dupe your avg users.

    Anyways, here's a better article linked by McAfee and The Article That Started It All from the Sydney Morning Herald. Perusing the summaries off of Google News makes it seem like this will either be "unlikely to have a major impact on Australian businesses." or (now this is really crazy because it's from the same website, but a different article) "clog mail servers, cause severe slowdown and wreak financial damage as it spreads rapidly around the world when businesses return to work today"

    I love that everyone can quote the Sydney Morning Herald to report that the sky is falling, or that things will mostly be okay. How do two journalists end up with such completely different viewpoints? They both quote Tim Hartman:

    "Tim Hartman, senior technical director at the security firm Symantec, said Evaman had the potential to be "every bit as bad as MyDoom. It's really shaping up like that. Mr Hartman estimated the virus would spread at an uncontrollable rate as people returned to work"
    and/or
    "We don't think it's going to be a major outbreak... most businesses had been able to filter out the affected emails" Mr Hartman said.
    /Rant
    --
    [Fuck Beta]
    o0t!
  9. Re:w00hoo by Shachaf · Score: 1, Informative

    A GMail invitation link is made up out of the following parts:
    1. http://gmail.google.com/a-
    2. Ten hexadecimal digits which represent the account the invitation is coming FROM.
    3. Ten hexadecimal digits which represent the specific ID of the invitation.

    So, when you wrote this, you probably got a GMail invitation, saw that the link started with a certain 10-digit combination, tried replacing it with another, and got an error. So you decided that the first ten hexadecimal digits must be the combination you had. But, this will only work for invitations sent from the account that invitation came from, and only after they are sent and before they are used.