VIRUS ALERT Virus Name: W32/Mydoom@MM
Going by the name of 'Novarg' or 'MyDoom', the latest mass-mailing worm
to infest your in-tray is spreading at the same rate as SoBig,
according to the anti-virus industry. This is a mass-mailing
worm with a peer-to-peer file-sharing worm that arrives in an email
message. The worm also contains a remote access component. On
the first system startup on February 1st or later, the worm changes its
behavior from mass mailing to initiating a denial of service attack
against the sco.com domain. This denial of service attack will stop on
the first system startup of February 12th or later, and thereafter the
worm's only behavior is to continue listening on TCP port 3127.
On Windows PCs, the worm creates 64 threads which will hit www.sco.com
with GET requests, between February 1 and 12. It also copies itself to
KaZaA's download directory, masquerading as a software executable:
names include icq2004-final and winamp5. Windows users should check for a file named shimgapi.dll in the system directory, and update their AV software. For most users the major inconvenience will be the bandwidth consumed: the executable attachment is 22kb in size. Our email virus scanner has been updated to protect against this threat. Stinger is a stand alone remover. You may download your copy by going to the following URL: http://vil.nai.com/vil/stinger Reference: http://vil.nai.com/vil/content/v_100983.htm
|