eva2000
28-01-04, 05:38 AM
Just heads up guys about this nasty virus which is spreading pretty rapidly
READ
http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.
Also known as:
W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]
Infection Length: 22,528 bytes, variable file size for a .zip attachment
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x
The email will have the following characteristics:
From: May be a spoofed from address
Subject:
(one of the following)
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error
Message:
(one of the following)
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Attachment:
(one of the following)
document
readme
doc
text
file
data
test
message
body
Update your anti-virus software!
.
READ
http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.
Also known as:
W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]
Infection Length: 22,528 bytes, variable file size for a .zip attachment
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x
The email will have the following characteristics:
From: May be a spoofed from address
Subject:
(one of the following)
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error
Message:
(one of the following)
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Attachment:
(one of the following)
document
readme
doc
text
file
data
test
message
body
Update your anti-virus software!
.