Worm creates possessed zombie army to attack SCO website!



Jan 29, 2004

CommuniLink has received many reports of this worm in the wild.

Description
The MyDoom worm (also known as Novarg or Mimail-R) spreads via email, using a variety of technical-sounding subject lines and attachment names. If the attached file is launched, and the worm activated, the infected computer's hard disk is harvested by the worm for more email addresses to send itself to. The worm opens a backdoor onto infected computers which allows hackers to gain access.

Variant: Win32.Mydoom.A
Alias: ZIP.Mydoom.A, W32/Mydoom@MM (McAfee), W32.Novarg.A@mm (Symantec), Win32/Shimg.Worm, Win32/Shimg.zip.Worm
Attachment: Data, Readme, Message Body, Text, file, doc, document (.bat, .cmd, .pif, .exe, and .scr)

Variant: Win32.Mydoom.B
Alias: I-Worm.Mydoom.b (Kaspersky), W32/Mydoom.B@mm (F-Secure), W32/Mydoom.b@MM (McAfee), Win32/Mydoom.B.Worm, WORM_MYDOOM.B (Trend)
Attachment: body, text, document, data, file, readme, message, doc (.bat, .cmd, .pif, .exe, and .scr)
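
A mail gateway or mailbox sweep can flag messages whose attachment names match the lists above. The following Python sketch is an added example, not part of the original advisory or any vendor tool; the sample message, the helper names and the first-dot/last-dot matching rule are assumptions made for illustration.

```python
from email import message_from_string

# Base names and extensions taken from the advisory's attachment lists
# for Win32.Mydoom.A and Win32.Mydoom.B.
BASE_NAMES = {"body", "text", "document", "data", "file", "readme", "message", "doc"}
EXTENSIONS = {"bat", "cmd", "pif", "exe", "scr"}


def suspicious_attachments(raw_message):
    """Return attachment filenames matching a listed name and extension."""
    hits = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()
        if not filename or "." not in filename:
            continue
        name = filename.strip().lower()
        # Assumption: compare the text before the first dot and after the
        # last dot, so a decoy middle extension does not hide a match.
        base = name.split(".", 1)[0].strip()
        ext = name.rsplit(".", 1)[1].strip()
        if base in BASE_NAMES and ext in EXTENSIONS:
            hits.append(filename)
    return hits


def _part(filename):
    # Builds one constructed attachment part with a dummy base64 payload.
    return ("--b1\nContent-Type: application/octet-stream\n"
            f'Content-Disposition: attachment; filename="{filename}"\n'
            "Content-Transfer-Encoding: base64\n\nAAAA\n")


# Constructed sample message (not captured traffic).
SAMPLE = ("From: sender@example.test\nTo: user@example.test\nSubject: test\n"
          'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
          "--b1\nContent-Type: text/plain\n\nsee attachment\n"
          + "".join(_part(n) for n in
                    ["Document.SCR", "readme.txt", "invoice.exe", "data.txt.pif"])
          + "--b1--\n")

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```

A name-based match is only a triage signal; up-to-date anti-virus definitions remain the actual detection.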

Win32.Mydoom.A

Between the 1st and 12th February 2004, the worm will attempt a denial-of-service attack against www.sco.com, sending numerous GET requests to the web server.

After the 12th February W32/MyDoom-A will no longer spread, due to an expiry date set in the code. It will, however, still run the backdoor component.

Win32.Mydoom.B

Between the 1st February and 1st March 2004, there is a 20% chance that the worm will attempt a denial-of-service attack against www.sco.com, sending numerous GET requests to the web server. Between 3rd February and 1st March 2004 there is a 30% chance that the worm will attempt the same denial-of-service attack against www.microsoft.com.

After the 1st March W32/MyDoom-B will no longer spread, due to an expiry date set in the code. It will, however, still run the backdoor component.

Solution

New virus definitions are available from anti-virus vendors to detect and remove this virus.

If you do not have an anti-virus program installed, you can download one of the following removal tools to clean it.

Sophos
W32/MyDoom-A - http://www.sophos.com/support/disinfection/mydooma.html
W32/MyDoom-B - http://www.sophos.com/support/disinfection/worms.html

McAfee
W32/Mydoom@MM - http://vil.nai.com/vil/legend.htm#Removal_Instructions

Symantec
W32.Novarg.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Mydoom.B@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]#removalinstructions

Related Link(s)

For more information, please refer to the following websites.

Win32.Mydoom.A - Information from Computer Associates
Win32.Mydoom.B - Information from Computer Associates
Information from McAfee
Win32.Mydoom.A - Information from Sophos
Win32.Mydoom.B - Information from Sophos
W32.Novarg.A@mm - Information from Symantec
W32.Mydoom.B@mm - Information from Symantec




News Contact

Service Hotline: (852) 2998 0808
Fax: (852) 29977800
Email: [email protected]

