w32.novarg.a@mm - New Rapidly Spreading Email Worm

[Supercod]

Tweet

A new worm has appeared today. Its method of spreading appears to be data mining email addresses from a user's computer, followed by emailing itself to those addresses. The recipient will receive an email with various headings, including:

Hi
Hello
Error
Server Report
Test

If you receive this email, do not open it. Immediately delete the email.

I know some of you have it because my private and work email addresses are getting sent a ton of these and only people I know / have sent me emails in the past would know it. My system is deleting them as they come in, however if you not got anything in place you could be sending them to others and not even know it.

Find out more: http://securityresponse.symantec.com...varg.a@mm.html

[NaturalInstinct]

This one has to be a record beater, i think i've had about 50 of them since last night

Who keeps opening the damn things ?

[Supercod]

Originally posted by NaturalInstinct
Who keeps opening the damn things ?

People you know, now that's a scary thought

[getvisible]

unberlievable.

Here's the count of what is upsetting Affiliates at this moment in time.

1. Google Update - New entry straight into #1
2. Non-paying merchants - Regular chart-topper
3. Merchant Payment Delays - Not having a good run of hits
4. Spyware - Making mucho mula without us knowing
5. Dollar Exchange Rate - A recent addition to the charts
6. Viruses - They're everywhere baby
7. Suspensions - Telly tubbies of the affiliate world
8. Dodgy CSV's - Sure to make u scream
9. System Crashes - Get down the shops me friend
10. Can't log in - Make a cuppa and change the track.

Earnings down 30% but hey that's still 100% more than I was earning a year ago!

[Barry]

Thanks Supercod,

this is by far the worst attack/spread I have ever seen I am having one of these viruses sent every 2-3 minutes now. Its getting silly.

Time to update those virus scanners people - like now.

Does it do any damage to the computer other than relaying itself?

[ianm]

From the link Supercod gave -

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files.

There was also talk of it recording keystrokes, but that could just be net gossip.

[Supercod]

We just got the virus from people working in the BBC, nice to see the virus filters they have are working, not!

Here is more information on this virus, think it will make the news it's going so fast.

http://xforce.iss.net/xforce/alerts/id/161

[getvisible]

a friend of mine developed some software for parents who wanted to monitor what their children were doing on the net. Totally feasible - he also used it to see who his girlfriend was emailing - huh!

This virus seems similar to the paypal one I was getting. But thank gawd not on the same scale.

[Supercod]

By the way if anyone is not worked out what they should be doing with this information is to try and sell virus killers off the back of it, Norton and McAfee will be that's for sure

[tshirtsuntan]

The worm will perform a DoS starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.......

Apparantly its setup to perform a DoS attack (Denial of Service) on www.sco.com on a certain date. That company has pissed someone off...

[NaturalInstinct]

That website is already down, looks like all they had to do was threaten a DoS attack Who are SCO anyway ?

[watcher]

SCO - Santa Cruz Operation. Offer one of the flavours of Unix.

I think there is also some dispute as to whether they own the name Unix or not.

[ianm]

Originally posted by watcher
I think there is also some dispute as to whether they own the name Unix or not.

More than just the name - they are claimimg (C) of parts of Linux, which threatens the existance of Linux.

Rather ironic that MS technology is being used to attack a company threatening Linux

[tshirtsuntan]

conveinient springs to mind. After all Unix and Linux are pretty much the only competition they've got.

[tshirtsuntan]

Either that website was down when you visited it NaturalInstinct or you're infected cos I checked it earlier and it was there and I just checked it just now and it's still there.

You may wanna check that out.