Mydoom/Novarg is Fastest Spreading Worm Ever
The fastest spreading worm
ever packs a punch, and some new twists. The worm, known as MyDoom.B
or W32.Novarg.A@mm, is a mass e-mail worm that is spread via
attachments and the Kazaa network. It can arrive in various file types, such as .exe, .cmd,
.bat, .pif, .scr or .zip files.
The worm has been called "the worst e-mail worm incident in virus
history," by F-Secure,
a Finish network security company. It has been estimated by Message
Labs that 1 in 12 e-mail messages carried on the Internet is
generated by the worm. "This is the most aggressive [worm] that we have seen
to date," said Mark Sunner, chief technology officer for MessageLabs.
Once activated, the worm:
What to Look For
The worm sends itself as an attachment to e-mail. Its subject line
consists of: "test," "hi," "hello," "Mail Delivery System," "Mail
Transaction Failed," "Server Report," "Status," or "Error." The
attachment will be named either "document," "readme," "doc," "text,"
"file," "data," "test," "message," or "body". Don't touch an e-mail
with any of these characteristics.
Once installed it will search the computer's local and network disks
to find any file likely to contain any e-mail addresses. It then uses
those e-mail addresses as targets for its randomly generated,
Not to leave the much-maligned file
sharing users alone, the worm also copies itself to the default Kazaa file
sharing directory. It masquerades itself as a half dozen different
What to Do
- Don't open attachments that you are not expecting.
- Keep your software up-to-date.
- Follow the
Computer Security Tips.