Slashdot Mirror


Today's Windows Virus - MyDoom / Novarg

Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.

5 of 847 comments

  1. Re:This is not a good thing by finkployd · Score: 5, Interesting

    What leads you to believe this is someone from the Linux community? I say it is equally likely someone who hates Linux and wants to make it look bad. Out of work MCSE? SCO employee (assuming they still have people there who can code)? Who knows. Given that this whole SCO mess has been nothing more than a PR war I wouldn't put it past them to have someone do this to improve their image.

    Finkployd

  2. Re:Finally! by Zocalo · Score: 5, Interesting

    *Now* you tell me, I'd have kept the damn thing if I'd known (joke)! I've just finished updating my Virus signatures after a copy of this sucker slipped by the set I only got this morning. If you are running McAfee on your Windows boxen the latest DAT/SDAT at time of writing (4318) is NOT sufficient! You also need the Extra.DAT file which you can grab from here:

    http://vil.nai.com/vil/content/v_100983.htm

    (Scroll down for the download links to the updates), or the 4319 DAT/SDAT when it becomes available.

    --
    UNIX? They're not even circumcised! Savages!

  3. I would like to see a study done by theCat · Score: 5, Interesting

    that aims to define exactly who it is that is opening email, saving attachments, opening the attachment, running the payload, and is not using AV software. I mean that is a lot of work by someone with at least *some* clue about email. Who is doing this? Is there a profile? Is it generally a home user, or generally at a public school? Is it that there is a subset of people that for their own sick reasons *always* runs infected attachments just to watch the LAN go down so they can go home early? I'm becoming suspicious [tinfoil hat goes on and is pulled down hard]

    --
    =^..^= all your rodent are belong to us

  4. Re:Finally! by bangular · Score: 5, Interesting

    I think www.sco.com as we know it will probably have traffic from this virus FOREVER. Virii don't go away. Hell, I still see hits from code red in my logs. How long ago was that? SCO is looking at the very least a week of MAJOR traffic, more likely at least a month. Then if somehow the virus dies down a bit, they will probably see a couple hundred megabytes of virus traffic a day at least.

  5. This was probably done to defame us by Bruce+Perens · Score: 5, Interesting

    We're about the last people who would be out writing Windows viruses. This was probably done to defame us. Or possibly the source of the virus is the usual one - spammers - since it has mass-mailing capability, and the SCO DOS is just misdirection aimed at the community that has produced so many spam-blocking techniques.

    Bruce