January 26th, 2004, 09:57 PM
New Virus - W32.Novarg.A@mm
Symantec just issued a new Category 3 Virus alert. The name of the virus is W32.Novarg.A@mm and while the information on it is a little thin, you can read about it here:
Category 3 - Moderate
Threat type characterized either as highly wild (but reasonably harmless and containable) or potentially dangerous (and uncontainable) if released into the wild.
Symantec just upgraded this to a Category 4 Alert.
Category 4 - Severe
Dangerous threat type, difficult to contain. The latest virus definitions should be downloaded immediately and deployed.
January 26th, 2004, 10:40 PM
Cool! Hehe. I use other AV and I have updated it already.
Thx for info. Hehe
January 26th, 2004, 10:51 PM
McAfee is calling this thing W32/Mydoom@MM - see link http://us.mcafee.com/virusInfo/defau...virus_k=100983
Aliases listed are:
Novarg (F-Secure), W32.Novarg.A@mm (Symantec), Win32/Shimg (CA), WORM_MIMAIL.R (Trend)
This thing is nasty and propagating like MAD! My company is seeing about 100 per hour for just THIS virus. So far seeing PIF, EXE, CMD, ZIP, and SCR file extensions.
AV vendors that have updates (that I know of) are: McAfee, Sophos, Norman, Symantec.
January 26th, 2004, 11:01 PM
AVG has the update as well.
January 26th, 2004, 11:25 PM
Just updated McAfee again and it listed W32/Bagle@MM as a medium risk worm for home users as well. Don't know how long that one has been out, but somebody's been busy lately.
January 27th, 2004, 12:05 AM
This virus is spreading fast. I've gotten over 30 emails in the past hour saying 'hi' or 'test'.
UPDATE YOUR AV NOW!!!!
That which does not kill me makes me stronger -- Friedrich Nietzsche
January 27th, 2004, 01:17 AM
An interesting thing about this virus is that it can do a DoS on www.sco.com, finally a virus that is at least partially useful, maybe the author was looking for sympathetic infections.
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
January 27th, 2004, 01:24 AM
Thanks for the warning. I was about a week or so behind my updates. I am learning a lot here.
January 27th, 2004, 02:21 AM
Ahhh the joys of working late.
This virus seems to be a bitch. We just got an email from the helpdesk (not sure which employee, since the helpdesk evening guy is sitting next to me and he didn't send it).
Anyways here's what it had to say
We're no longer allowed to open attachments at the college, until we hear back from our helpdesk. This thing sure seems to be spreading fast.
The worm arrives attached to an e-mail with a variable Subject and message body. The attachment also uses a variable name and extension.
The Subject may be selected from a long list carried by the worm, or may consist of randomly-generated characters. Examples of possible Subjects include:
Mail Delivery System
Mail Transaction Failed
The Message Body may be selected from a list carried by the worm, empty, or consist of randomly-generated, illegible garbage. An example of a Message Body used by the worm:
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The Attachment name is chosen from a list carried by the worm, or may consist of randomly-generated characters. Examples of attachment names used by the worm:
Attachments also use a variable extension. Extensions used by the worm for its attachment include .bat, .cmd, .pif, .exe, and .scr. The worm may also send itself as a .ZIP archive.
Just got another email from the helpdesk, we are now blocking all attachments. This virus is being treated as damn serious.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
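A sketch of the attachment check that the helpdesk notice quoted above implies, added here as an example and not part of the original thread: it flags attachments by the extensions the notice lists and also looks inside .ZIP archives. Function names, addresses and sample file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the quoted helpdesk notice lists for the worm's attachment.
BLOCKED_EXT = (".bat", ".cmd", ".pif", ".exe", ".scr")

def risky_names(raw: bytes) -> list[str]:
    """Return attachment names (or zip-member names) with a blocked extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots/spaces, so strip them before matching.
        clean = name.strip().rstrip(". ").lower()
        if clean.endswith(BLOCKED_EXT):
            hits.append(name)
        elif clean.endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                # Fail closed: an archive we cannot inspect is treated as risky.
                hits.append(name + " (unreadable zip)")
                continue
            hits += [f"{name}!{m}" for m in members
                     if m.rstrip(". ").lower().endswith(BLOCKED_EXT)]
    return hits

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message; subject and body text come from the notice."""
    m = EmailMessage()
    m["Subject"] = "Mail Transaction Failed"
    m["From"] = "sender@example.com"   # placeholder address
    m["To"] = "user@example.com"       # placeholder address
    m.set_content("The message contains Unicode characters and has been "
                  "sent as a binary attachment.")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

def zip_bytes(member: str) -> bytes:
    """Constructed zip holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not executable content")
    return buf.getvalue()
```

Matching on the final extension also catches double-extension names such as `message.txt.scr`, and because the Subject and body vary, the attachment is the more stable thing to filter on.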
January 27th, 2004, 03:08 AM
This thing must be making waves.... MSN already has an article on it (at least I think it's the same thing)..
Usually MSN is about 2 weeks behind.
"This worm is taking off like a rocket, with well over 20,000 interceptions in just two hours of it being discovered," said Ken Dunham, director of malicious code at iDefense Inc.