Virus Alert - W32/Mydoom@MM
VIRUS ALERT
Virus Name: W32/Mydoom@MM
Going by the name of 'Novarg' or 'MyDoom', the latest mass-mailing worm to infest your in-tray is spreading at the same rate as SoBig, according to the anti-virus industry.
This is a mass-mailing worm with a peer-to-peer file-sharing worm that arrives in an email message. The worm also contains a remote access component.
On the first system startup on February 1st or later, the worm changes its behavior from mass mailing to initiating a denial of service attack against the sco.com domain. This denial of service attack will stop on the first system startup of February 12th or later, and thereafter the worm's only behavior is to continue listening on TCP port 3127.
On Windows PCs, the worm creates 64 threads which will hit www.sco.com with GET requests, between February 1 and 12. It also copies itself to KaZaA's download directory, masquerading as a software executable: names include icq2004-final and winamp5.
Windows users should check for a file named shimgapi.dll in the system directory, and update their AV software.
For most users the major inconvenience will be the bandwidth consumed: the executable attachment is 22kb in size.
Our email virus scanner has been updated to protect against this threat.
Stinger is a stand alone remover. You may download your copy by going to the following URL: http://vil.nai.com/vil/stinger
Reference:
http://vil.nai.com/vil/content/v_100983.htm
Johann