New mass mailing virus spreading rapidly

CERT has issued the following warning about a widespread and potentially destructive new virus:

The CERT/CC has been receiving reports of a new mass-mailing virus known as W32/Novarg.A, W32/Shimg, or W32/Mydoom that has been reported to open a backdoor to the compromised system and possibly launch a denial-of-service attack against a web site at a fixed time in the future.

The W32/Novarg.A virus attempts to do the following:
* Modify various Windows registry values so that the virus is run again upon reboot
* Open a listening TCP port in the range of 3127-3198, suggesting remote access capabilities
* Install a copy of itself in the C:\Program Files\KaZaA\My Shared Folder\ folder, which will be available for download by KaZaA users

The virus arrives as an email message with a 22,528-byte attachment that has a random filename with a file extension of .cmd, .pif, .scr, .exe, or .bat. The attachment may also arrive as a ZIP archive.

For more details and links to anti-virus resources visit http://www.cert.org/incident_notes/IN-2004-01.html

•Date: 27th January 2004 •Region: Worldwide •Type: Article •Topic: Warnings
Rate this article or make a comment - click here