January 29, 2004
Well, unless you have been living under a rock this week, I'm sure you have heard about the latest email worm going around the Internet.
The worm is mostly known by the name "Mydoom", but some Anti Virus firms have called it "Novarg". It started spreading on January 26th. It is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip (the worm also spreads over the Kazaa P2P network).
When a user clicks on the attachment, the worm will start Notepad filled with random characters, and it will immediately start to spread further. On infected computers, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can allow an attacker to connect and gain access to the infected computer afterwards.
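A check for the backdoor listener described above, as an added example that is not part of the original post: it parses `netstat -an` output and reports TCP sockets listening on ports 3127 through 3198. The sample output is constructed, and the function name `find_backdoor_listeners` is hypothetical.

```python
import re

# Backdoor port range stated in the article: TCP 3127 through 3198.
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:25         ESTABLISHED
  TCP    192.168.1.20:3130      198.51.100.9:80        ESTABLISHED
  TCP    192.168.1.20:4000      198.51.100.9:3128      ESTABLISHED
  UDP    0.0.0.0:3127           *:*
"""

# proto, local address, local port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")


def find_backdoor_listeners(netstat_text):
    """Return (local_address, port) for TCP listeners in the backdoor range.

    Only LISTENING sockets are reported. An ESTABLISHED connection whose
    local port falls in the range can be an ordinary ephemeral client
    port, and a foreign port in the range (3128 is a common proxy port)
    says nothing about the local machine, so both are skipped.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state == "LISTENING" and int(port) in BACKDOOR_PORTS:
            hits.append((addr, int(port)))
    return hits


if __name__ == "__main__":
    for addr, port in find_backdoor_listeners(SAMPLE_NETSTAT):
        print(f"TCP listener in Mydoom backdoor range: {addr}:{port}")
```

A hit is a reason to scan the machine with up-to-date antivirus signatures, not proof of infection, since any program may bind a port in this range.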
The worm will perform a Denial of Service (DoS) attack starting on February 1, 2004, from every infected computer against the website www.sco.com, which belongs to SCO, a well-known Unix vendor.
Within two days of discovery, Mydoom has already spread more than Sobig.F, which spread massively in August 2003 and until now has held the title of the fastest spreading email worm in history.
One thing that "helped" Mydoom to spread so fast is the fact that, unlike most other recent email worm outbreaks, Mydoom was found in the middle of business hours in the USA, and several large corporate networks got infected immediately.
Current estimates show that between 20% and 30% of all email traffic worldwide is generated by this worm. On our server so far this week, 35.7% of all email messages were virus infected (11,750 of 32,930), and Mydoom accounted for 98% of all infected emails.
For more information contact your Anti Virus software vendor. I'll include two links here: