List: isn
Subject: [ISN] New worm avoids feds for now
From: William Knowles <wk () c4i ! org>
Date: 2004-01-28 10:43:39
Message-ID: Pine.LNX.4.44.0401280443190.31305-100000 () idle ! curiosity ! org
Forwarded from: William Knowles <wk@c4i.org>

http://www.fcw.com/fcw/articles/2004/0126/web-virus-01-27-04.asp

BY Rutrell Yasin
Jan. 27, 2004

A new mass-mailing computer worm that began rapidly spreading
throughout the Internet Jan. 26 apparently avoids targeting the e-mail
addresses of government agencies, military facilities and large
software companies, according to a security expert at a leading
antivirus firm.

The worm -- known as MyDoom, W32.Novarg.A@mm, Shimgapi or as a variant
of the MiMail worm -- is an encrypted program that creates a
mass-mailing of itself, which may clog mail servers or degrade network
performance.

By avoiding federal sites and large software companies, the worm's
author could be "attempting to get lead time before antivirus
definitions" are written to block the worm, said Alfred Huger, senior
director of engineering with Symantec Security Response, a unit of
Symantec Corp. that tracks and responds to virus outbreaks. If the
worm started attacking .mil and .gov e-mail addresses as well as
antivirus vendors, then signatures could be written to thwart it much
sooner, he said. Symantec and other leading antivirus vendors have
pushed out software updates to customers to help protect against the
worm.

A likely target appears to be The SCO Group, a provider of Unix
software based in Lindon, Utah. SCO has stirred emotions in the Linux
community by claiming that important pieces of the open-source
operating system are covered by SCO's Unix copyright. The worm is
programmed to instruct infected PCs to send a flood of bogus traffic,
or a denial-of-service attack, to SCO's Web server Feb. 1 through Feb.
12. The worm can also drop a backdoor program onto a PC, allowing an
intruder to take control of the machine, Huger said.

Although Novarg is comparable to other mass-mailing worms such as
Sobig and MiMail, the latest worm is "written a little more robustly,"
Huger said. Other worms require either a mail server to be present on
a network or access to a Domain Naming Server to spread. This one
"comes with both pieces of functionality written in it," he said.

Novarg arrives with an attachment with an .exe, .scr, .zip, or .pif
extension and a subject line of "Mail Delivery System," "Test" or
"Mail Transaction Failed."

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.