Slashdot Mirror


Today's Windows Virus - MyDoom / Novarg

Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.

5 of 847 comments

  1. Reuters Story by ThousandStars · Score: 5, Informative

    Here's another story.

    Funny that I come to submit the article and already find it at the top of the page...

  2. ClamAV to the rescue by Jibber · Score: 5, Informative

    Hi,

    I believe ClamAV was the first virus scanner to pick it up and because they couldn't find any others that had picked it up and named it, they called it "Worm.SCO.A". Gotta like Open Source.

    Oh, and I've blocked over 3000 copies of the worm in the last few hours with clamav.

    Jib

  3. Re:Serves people right.. by swordboy · Score: 5, Informative

    Who the hell is gonna open a 3kb executable from kazaa?

    The same idiots who install it.

    Kazaa is not secure. It installs spyware that monitors keyboard activity. If you type an email address on a PC that has Kazaa, that address will be spammed into oblivion. Webshots does the same thing. Not directly, but through one of many third party applications that are installed silently.

    --

    Life is the leading cause of death in America.

  4. Re:This was probably done to defame us by Guppy06 · Score: 5, Informative

    "We're about the last people who would be out writing Windows viruses."

    Try reading at -1 every once in a while.

  5. Re:A threat? Really? by Beryllium Sphere(tm) · Score: 5, Informative

    The social engineering on this one isn't half bad.

    The first one I got looked like a bounce message, with text saying there were some non-7bit characters so the full message would be in an attachment.

    The payload inside the .zip file was "readme.txt%20%20%20%2020%20%20%2020%20%20%20.scr" , which shows as "readme.txt" in the Windows GUI.

    Believe it or not, there are mailers in the Windows world that send bounces with the original message as an attachment. This worm could easily fool someone who wasn't technical or wasn't paranoid.
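
Added example, not part of the thread or of any commenter's post: a mail-gateway style check for the filename trick described in comment 5, where whitespace padding pushes the real executable extension out of view. The extension lists, the three-character padding threshold and the function names are assumptions, and the sample archive is constructed and holds only inert placeholder bytes.

```python
import io
import re
import zipfile
from urllib.parse import unquote

EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}  # run by Windows (assumed list)
DECOY_EXTS = {".txt", ".doc", ".htm", ".html", ".jpg", ".pdf"}  # harmless-looking (assumed list)
PADDING = re.compile(r"\s{3,}")  # whitespace run that hides the real extension (assumed threshold)


def classify_name(name):
    """Return the reasons an attachment name looks deceptive (empty list if none)."""
    decoded = unquote(name)  # names may arrive percent-encoded, as quoted in the comment
    base = decoded.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = (dot + ext).lower()
    if not stem or ext not in EXECUTABLE_EXTS:
        return []
    reasons = []
    if PADDING.search(stem):
        reasons.append("whitespace padding before executable extension")
    inner = stem.rstrip()
    if "." in inner and ("." + inner.rsplit(".", 1)[-1].lower()) in DECOY_EXTS:
        reasons.append("decoy extension before executable extension")
    return reasons


def scan_zip(data):
    """Map each deceptive member name in a zip (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed test archive: placeholder bytes only, nothing executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt" + " " * 40 + ".scr", b"placeholder")
        zf.writestr("notes.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample_zip()))
```

A plain `setup.exe` is deliberately not flagged here: the check targets names that disguise their type, and blocking executables outright is a separate policy decision.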