Mydoom/Novarg is Fastest Spreading Worm Ever

The fastest spreading worm ever packs a punch, and some new twists. The worm, known as MyDoom.B or W32.Novarg.A@mm, is a mass e-mail worm that is spread via attachments and the Kazaa network. It can arrive in various file types, such as .exe, .cmd, .bat, .pif, .scr or .zip files.

The worm has been called "the worst e-mail worm incident in virus history," by F-Secure, a Finish network security company. It has been estimated by Message Labs that 1 in 12 e-mail messages carried on the Internet is generated by the worm. "This is the most aggressive [worm] that we have seen to date," said Mark Sunner, chief technology officer for MessageLabs.

Multiple Punches

Once activated, the worm:

• waits to launch a series of denial of service attacks against both Microsoft and The Santa Cruz Operation (SCO) starting February 1st.
• will stop spreading on March 1st, 2004
• prevent users from going to security sites to update their security. This includes blocking:
  • Symantec
  • F-Secure
  • Microsoft download sites.
• opens communications ports to allow remote control of the computer.
• turn the PC into a "zombie drone" which can turn your computer into a SPAM machine for the popular Viagara SPAMs and ink-cartridge offers.
• causes Microsoft to announce that its going to spend more money on security research and development.

What to Look For

The worm sends itself as an attachment to e-mail. Its subject line consists of: "test," "hi," "hello," "Mail Delivery System," "Mail Transaction Failed," "Server Report," "Status," or "Error." The attachment will be named either "document," "readme," "doc," "text," "file," "data," "test," "message," or "body". Don't touch an e-mail with any of these characteristics.

Once installed it will search the computer's local and network disks to find any file likely to contain any e-mail addresses. It then uses those e-mail addresses as targets for its randomly generated, virus-infected e-mails.

Not to leave the much-maligned file sharing users alone, the worm also copies itself to the default Kazaa file sharing directory. It masquerades itself as a half dozen different popular downloads.

What to Do

1. Don't open attachments that you are not expecting.
2. Keep your software up-to-date.
3. Follow the Computer Security Tips.
4. Increase Business security.

See Also

• The National Cyber Alert System
• New Worm Spawns Headaches for Computer Users
• Why is Cyber Security a Problem?

View Responses (0)

Post Response