W32.Novarg.A@mm On the loose

[NeoStarO1]

Now im getting ticked. I rarely get viruses. Yesterday got a email from the school district and I thought it was in relation to something I been inquiring about with the school district so dummy me opened it up and NIS went crazy! Nope. it was a frickin' virus.

I cleaned everything up last night and all was smooth as heck again. This morning check my email and again 7 emails! all full of this same virus.

Symantec has this notice on thier front home page. Here are the details

Short of not checking my email how can I stoop this thing? Its all coming through my business email accounts. We are not opening them. This mornign we did not open anything. I do not have preview panes on or anything.

Any advise or do i need to sit this out for the next 12 days? Read the article to knwo what im talking about.

[nomaxim]

Old news.

Rob's got it on the news page also.

If it's coming into your biz account, then most likely someone you do biz with has it. All you can do is wait till they clean their system. It is a mass mailer worm after all.

[NeoStarO1]

Didn't relize it was old news. According to symantec it was only discovered yesterday. Perhaps thier website is wrong.

So only thing I can do is t wait till they clean there computer?

Well that doesn't bode well for me cuz i do regular specials every week and newsletters every first of the month. I have over 300 email addresses.

Do you think I should put something up on our website asking our clients to clean thier computer? I don't wanna be sending out any more coupons or newsletters till this stops. I am afraid i may inadvertaly send someone something.

I also want to format my comptuer as well as I need more patitions and im thinking i should wait till this blows over.

I'm really frustereated right now. I have set more tighter securities on my email right now as 30 more come in. Damm blast it!!!

[nomaxim]

CNN , At present 1 outta 12 emails is infected in some networks. It should peak out in the next 12-36 hours as more people become aware of it.

Be glad your Norton caught it or your system may have been sending it to all your customers!

It could also be that only one of your customers has it. Last year duing Klez I got like 50-60 over a two week period before it stopped.

EDIT: Old news meant loosly, I've been dealing with it all last night. Work 3rd shift.

[DVNT1]

also see http://www.techimo.com/forum/t97654.html

and http://isc.sans.org/diary.html

[DVNT1]

...and for a graph of infected email rate :

http://isc.sans.org/images/virus2.png (novearg email messages per hour)

and http://isc.sans.org/images/virus.png (novearg email messages per 10 minutes)

[nomaxim]

NeoStar, Run another scan. Maybe try HouseCall or something else too just to be sure.

[DVNT1]

The virus also spoofs sender's address so it could easily be someone which has your email address in thier address book. Then thier computer sends out the virus email using your email address as the claimed source.

[golfcart]

Thanks for the links DVNT1. Those are neat graphs

[NeoStarO1]

Yes im considering disabling all accounts on the server for a few days. That way it gets bounced back to them or who ever sends it.

What do you suggest?