View Single Post
Old 28-01-2004, 05:38 AM   #1   [permalink]
eva2000
Administrator
 
eva2000's Avatar
 
Join Date: 23 Jun 2000
Location: Brisbane, Australia
Posts: 12,408
Exclamation Novarg Virus Alert - category 4 worm!

Just heads up guys about this nasty virus which is spreading pretty rapidly

READ
http://securityresponse.symantec.com...varg.a@mm.html

Quote:
W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

Also known as:
W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]

Infection Length: 22,528 bytes, variable file size for a .zip attachment

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Quote:
The email will have the following characteristics:

From: May be a spoofed from address

Subject:
(one of the following)
  • test
  • hi
  • hello
  • Mail Delivery System
  • Mail Transaction Failed
  • Server Report
  • Status
  • Error

Message:
(one of the following)
  • Mail transaction failed. Partial message is available.
  • The message contains Unicode characters and has been sent as a binary attachment.
  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Attachment:
(one of the following)
  • document
  • readme
  • doc
  • text
  • file
  • data
  • test
  • message
  • body
Update your anti-virus software!

.
__________________
be afraid... Admin cap is back... !
eva2000 is offline