Virus Alert: Novarg / MiMail / MyDoom
Page 1 of 9 123 ... LastLast
Results 1 to 10 of 83

Thread: Virus Alert: Novarg / MiMail / MyDoom

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    New Virus - W32.Novarg.A@mm

    Symantec just issued a new Category 3 Virus alert. The name of the virus is W32.Novarg.A@mm and while the information on it is a little thin, you can read about it here:

    http://securityresponse.symantec.com...varg.a@mm.html

    Category 3 - Moderate
    Threat type characterized either as highly wild (but reasonably harmless and containable) or potentially dangerous (and uncontainable) if released into the wild.
    Cheers:

    [edit]
    Symantec just upgraded this to a Category 4 Alert.

    Category 4 - Severe
    Dangerous threat type, difficult to contain. The latest virus definitions should be downloaded immediately and deployed.
    Cheers:
    DjM

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    Coolt! Hehe. I use other AV and I have updated it already.

    Thx for info. Hehe
    // too far away outside of limit

  3. #3
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Thanks DJM!

    McAfee is calling this thing W32/Mydoom@MM - see link http://us.mcafee.com/virusInfo/defau...virus_k=100983

    Aliases listed are:
    Novarg (F-Secure), W32.Novarg.A@mm (Symantec), Win32/Shimg (CA), WORM_MIMAIL.R (Trend)

    This thing is nasty and propagating like MAD! My company is seeing about 100 per hour for just THIS virus. So far seeing PIF, EXE, CMD, ZIP, and SCR file extensions.

    AV vendors that have updates (that I know of) are: McAfee, Sophos, Norman, Symantec.

  4. #4
    Member
    Join Date
    Sep 2003
    Posts
    69
    AVG Has the update aswell
    Signature image is too tall!

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Just updated McAfee again and it listed W32/Bagle@MM as a medium risk worm for home users as well. Don't know how long that one has been out, but somebody been busy lately.

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    This virus is spreading fast. Ive gotten over 30 emails in the past hour saying 'hi' or 'test'

    UPDATE YOUR AV NOW!!!!
    That which does not kill me makes me stronger -- Friedrich Nietzche

  7. #7
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    An interesting thing about this virus is that it can do a dos on www.sco.com , finally a virus that is at least partially useful , maybe the author was looking for sympathetic infections
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  8. #8
    Senior Member Boogymantroy's Avatar
    Join Date
    Jan 2004
    Location
    Memphis Tn
    Posts
    100
    Thanks for the warning I was about a week or so behind my updates. I am learning a lot here.

    Thanks people

    Boogyman

  9. #9
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Ahhh the joys of working late.

    This virus seems to be a bitch. We just got an email from the helpdesk (not sure which employee, since the helpdesk evening guy is sitting next to me and he didn't send it).

    Anyways here's what it had to say

    Virus Info!

    The worm arrives attached to an e-mail with a variable Subject and message body. The attachment also uses a variable name and extension.

    The Subject may be selected from a long list carried by the worm, or may consist of randomly-generated characters. Examples of possible Subjects include:

    Server Report
    Mail Delivery System
    hi
    status
    hello
    HELLO
    Hi
    test
    Test
    Mail Transaction Failed
    Server Request
    Error

    The Message Body may be selected from a list carried by the worm, empty, or consist of randomly-generated, illegible garbage. An example of a Message Body used by the worm:

    The message contains Unicode characters and has been sent as a binary attachment.
    The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

    The Attachment name is chosen from a list carried by the worm, or may consist of randomly-generated characters. Examples of attachment names used by the worm:

    Data
    Readme
    Message
    Body
    Text
    file
    doc
    document

    Attachments also use a variable extension. Extensions used by the worm for its attachment include .bat, .cmd, .pif, .exe, and .scr. The worm may also send itself as a .ZIP archive.
    We're no longer allowed to open attachments at the college, until we hear back from our helpdesk. This thing sure seems to be spreading fast.


    Peace,
    HT

    [EDIT]
    Just got another email from the helpdesk, we are now blocking all attachments. This virus is being treated as damn serious.
    [/EDIT]
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    This thing must be making waves.... MSN already has an article on it (at least I think it's the same thing)..

    Usually MSN is about 2 weeks behind.

    http://www.msnbc.msn.com/id/4065701/

    This worm is taking off like a rocket, with well over 20,000 interceptions in just two hours of it being discovered," said Ken Dunham, director of malicious code at iDefense Inc.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •