Worm creates possessed zombie army to attack SCO website! (English Version Only)
		 
		Jan 29, 2004
		 
Communilink has received many reports of this worm from the wild.
 
 Description  
The MyDoom worm (also known as Novarg or Mimail-R) spreads via email, using a variety of technical-sounding subject lines and attachment names. If the attached file is launched, and the worm activated, the infected computer's hard disk is harvested by the worm for more email addresses to send itself to. The worm opens a backdoor onto infected computers which allows hackers to gain access. 
 
 
|  | Alias | Attachment | Details |
| Win32.Mydoom.A | ZIP.Mydoom.A, W32/Mydoom@MM (McAfee), W32.Novarg.A@mm (Symantec), Win32/Shimg.Worm, Win32/Shimg.zip.Worm | Data, Readme, Message, Body, Text, file, doc, document (.bat, .cmd, .pif, .exe, and .scr) | [Click for details] |
| Win32.Mydoom.B | I-Worm.Mydoom.b (Kaspersky), W32/Mydoom.B@mm (F-Secure), W32/Mydoom.b@MM (McAfee), Win32/Mydoom.B.Worm, WORM_MYDOOM.B (Trend) | body, text, document, data, file, readme, message, doc (.bat, .cmd, .pif, .exe, and .scr) | [Click for details] |
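
As a mail-gateway triage aid, the sketch below flags attachments whose names match the Attachment column above. It is an added example, not part of the original advisory or any vendor tool; the function names and the sample messages are constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Base names and extensions from the Attachment column of this advisory.
MYDOOM_STEMS = {"body", "text", "document", "data", "file", "readme", "message", "doc"}
MYDOOM_EXTS = {".bat", ".cmd", ".pif", ".exe", ".scr"}


def matches_mydoom_name(filename):
    """True when filename is exactly <listed base name><listed extension>."""
    # Drop any path component and surrounding whitespace, compare case-insensitively.
    base = re.split(r"[\\/]", filename.strip())[-1].lower()
    stem, ext = os.path.splitext(base)
    return stem in MYDOOM_STEMS and ext in MYDOOM_EXTS


def suspicious_attachments(raw_message):
    """Return the attachment filenames in a raw RFC 822 message that match."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested and inline parts
        name = part.get_filename()
        if name and matches_mydoom_name(name):
            hits.append(name)
    return hits


def build_sample(filename):
    """Constructed test message carrying a harmless payload under `filename`."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(b"harmless placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("README.SCR", "document.pif", "report.pdf", "readme.txt"):
        print(fn, "->", suspicious_attachments(build_sample(fn)))
```

A name match is only a triage signal for quarantine or review; detection and removal still rely on the anti-virus definitions and removal tools listed under Solution.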
 
 
Win32.Mydoom.A 
 
Between the 1st and 12th February 2004, the worm will attempt a denial-of-service attack against www.sco.com, sending numerous GET requests to the web server.
 
After the 12th February W32/MyDoom-A will no longer spread, due to an expiry date set in the code. It will, however, still run the backdoor component.
  
Win32.Mydoom.B 
 
Between the 1st February and 1st March 2004, there is a 20% chance that the worm will attempt a denial-of-service attack against www.sco.com, sending numerous GET requests to the web server. Between 3rd February and 1st March 2004 there is a 30% chance that the worm will attempt the same denial-of-service attack against www.microsoft.com.
 
After the 1st March W32/MyDoom-B will no longer spread, due to an expiry date set in the code. It will, however, still run the backdoor component.
  
Solution
 
New virus definitions are available from anti-virus vendors to detect and remove this virus.

If you do not have an anti-virus program installed, you can download the following removal tools to clean it.
 
Sophos
W32/MyDoom-A - http://www.sophos.com/support/disinfection/mydooma.html
W32/MyDoom-B - http://www.sophos.com/support/disinfection/worms.html

McAfee
W32/Mydoom@MM - http://vil.nai.com/vil/legend.htm#Removal_Instructions

Symantec
W32.Novarg.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mydoom.B@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]#removalinstructions
 
Related Link(s)   
For more information, please refer to the following websites. 
 
Win32.Mydoom.A - Information from Computer Associates  
Win32.Mydoom.B - Information from Computer Associates  
Information from McAfee
Win32.Mydoom.A - Information from Sophos
Win32.Mydoom.B - Information from Sophos
W32.Novarg.A@mm - Information from Symantec
W32.Mydoom.B@mm - Information from Symantec
 
 
  
News Contact 
Service Hotline: (852) 2998 0808 
Fax: (852) 29977800 
Email: [email protected]
		 
		 
			
			
			
 
			
			