A new mass-mailing computer worm that began rapidly spreading
throughout the Internet Jan. 26 apparently avoids targeting the e-mail
addresses of government agencies, military facilities and large
software companies, according to a security expert at a leading
antivirus firm.
The worm, known as MyDoom, W32.Novarg.A@mm or Shimgapi, or as a variant
of the MiMail worm, is an encrypted program that mass-mails copies of
itself, which may clog mail servers or degrade network performance.
By avoiding federal sites and large software companies, the worm's
author could be "attempting to get lead time before antivirus
definitions" are written to block the worm, said Alfred Huger, senior
director of engineering with Symantec Security Response, a unit of
Symantec Corp. that tracks and responds to virus outbreaks. If the
worm started attacking .mil and .gov e-mail addresses as well as
antivirus vendors, then signatures could be written to thwart it much
sooner, he said. Symantec and other leading antivirus vendors have
pushed out software updates to customers to help protect against the
worm.
A likely target appears to be The SCO Group, a provider of Unix
software based in Lindon, Utah. SCO has stirred emotions in the Linux
community by claiming that important pieces of the open-source
operating system are covered by SCO's Unix copyright. The worm is
programmed to instruct infected PCs to send a flood of bogus traffic,
or a denial-of-service attack, to SCO's Web server Feb. 1 through Feb.
12. The worm can also drop a backdoor program onto a PC, allowing an
intruder to take control of the machine, Huger said.
Although Novarg is comparable to other mass-mailing worms such as
Sobig and MiMail, the latest worm is "written a little more robustly,"
Huger said. Other worms require either a mail server to be present on
a network or access to a Domain Name System (DNS) server to spread. This one
"comes with both pieces of functionality written in it," he said.
Novarg arrives with an attachment with an .exe, .scr, .zip or .pif
extension and a subject line of "Mail Delivery System," "Test" or
"Mail Transaction Failed."
© 2008; SpywareUninstaller.com Group Project; All Rights Reserved.
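The subject lines and attachment extensions listed in the article can be turned into a mail-gateway triage rule. The following is an added example, not code from the article or from any vendor; the function names, the verdict labels and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators as listed in the article (compared case-insensitively).
SUBJECTS = {"mail delivery system", "test", "mail transaction failed"}
EXTENSIONS = (".exe", ".scr", ".zip", ".pif")

def attachment_names(msg):
    """Return the declared filename of every MIME part, nested parts included."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def triage(raw_bytes):
    """Return (verdict, matching_filenames) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    subject = str(msg["Subject"] or "").strip().lower()
    # Only the final extension matters, so "readme.txt.scr" still matches.
    risky = [n for n in attachment_names(msg)
             if n.strip().lower().endswith(EXTENSIONS)]
    if risky and subject in SUBJECTS:
        return "quarantine", risky
    if risky:
        return "review", risky
    # A subject such as "Test" alone is too common to act on.
    return "pass", []

def build_sample(subject, filename=None):
    """Build a constructed test message; no real sample is used."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("constructed body text")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Mail Transaction Failed", "document.PIF"),
                       ("Quarterly report", "readme.txt.scr"),
                       ("Test", None)]:
        print(subj, name, triage(build_sample(subj, name)))
```

Requiring both a listed subject and a listed extension before quarantining keeps ordinary mail titled "Test" out of the quarantine queue, while any executable-type attachment on its own is still held for review.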