New "Mydoom" Worm Launching a World-Wide Attack
Posted on 27.01.2004
F-Secure is warning email users around the world about a new Windows worm which is spreading rapidly. The new worm, known as Mydoom or Novarg, is spreading through email attachments and Kazaa file sharing networks.

The worm has launched a world-wide denial-of-service attack from every infected computer against the website of SCO, one of the largest Unix vendors in the world. However, the WWW.SCO.COM site seems to be still operational.

There's been a lot of discussion about SCO after they claimed last December that the Linux operating system was violating SCO's intellectual property rights in UNIX technology. "There are a lot of kids out there who feel like SCO's attacking them", comments Mikko Hypponen, Director of Anti-Virus Research at F-Secure Corporation. "Apparently someone of them decided that it's ok attack back."

In addition of the denial-of-service attack, the worm also opens up a backdoor to infected computers by listening to TCP port 3176. This way the worm author can gain access to infected computers afterwards.

The emails sent by the worm are fairly random:

From: random email address
To: address of the recipient
Subject: random words

Message body: (several different mail error messages, such as:)

Mail transaction failed. Partial message is available.

Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension.

When a user clicks on the attachment, the worm will start Notepad, filled with random characters and it will immediately start to spread further.

Detailed technical description of the worm as well as screenshots are available in the F-Secure Virus Description Database.





Spotlight

Review: Bulletproof SSL and TLS

Posted on 12 September 2014.  |  Deploying SSL or TLS in a secure way is a great challenge for system administrators. This book aims to simplify that challenge by offering extensive knowledge and good advice - all in one place.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 15th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //