New "Mydoom" Worm Launching a World-Wide Attack
Posted on 27.01.2004
F-Secure is warning email users around the world about a new Windows worm which is spreading rapidly. The new worm, known as Mydoom or Novarg, is spreading through email attachments and Kazaa file sharing networks.

The worm has launched a world-wide denial-of-service attack from every infected computer against the website of SCO, one of the largest Unix vendors in the world. However, the WWW.SCO.COM site seems to be still operational.

There's been a lot of discussion about SCO after they claimed last December that the Linux operating system was violating SCO's intellectual property rights in UNIX technology. "There are a lot of kids out there who feel like SCO's attacking them", comments Mikko Hypponen, Director of Anti-Virus Research at F-Secure Corporation. "Apparently someone of them decided that it's ok attack back."

In addition of the denial-of-service attack, the worm also opens up a backdoor to infected computers by listening to TCP port 3176. This way the worm author can gain access to infected computers afterwards.

The emails sent by the worm are fairly random:

From: random email address
To: address of the recipient
Subject: random words

Message body: (several different mail error messages, such as:)

Mail transaction failed. Partial message is available.

Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension.

When a user clicks on the attachment, the worm will start Notepad, filled with random characters and it will immediately start to spread further.

Detailed technical description of the worm as well as screenshots are available in the F-Secure Virus Description Database.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //