Store Locator: Enter Zip Code: List All Locations

Alert! New mass mailing e-mail worm W32.Novarg.A@mm is loose!

Question

Mass-mailing worm (W32.Novarg.A@mm) on the loose - 1-26-04!

Answer

This question was answered on January 27, 2004. Much of the information contained herein may have changed since posting.

W32.Novarg.A@mm is a level 4 mass-mailing worm that has hit the net like a ton of bricks. It generally arrives as an attachment to e-mail with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. If you open an infected attachment, a backdoor program will be installed into the system that will allow a remote attacker to access and make use of the computer.

The email message has the following characteristics:

From: Usually a spoofed 'from' address, meaning that the address used is not the actual sender...

DO NOT BLAME THE SENDER, AS THEY ARE AN INNOCENT PARTY TO THE WORM!

Subject: (Generally one of the following)

test

hi

hello

Mail Delivery System

Mail Transaction Failed

Server Report

Status

Error

Message: (Generally, one of the following)

Mail transaction failed. Partial message is available.

The message contains Unicode characters and has been sent as a binary attachment.

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Attachment: (Generally one of the following)

document

readme

doc

text

file

data

test

message

body

This worm also copies itself to Kazaa download folders as one of the following files in an attempt to spread via the popular file sharing network:

winamp5

icq2004-final

activation_crack

strip-girl-2.0bdcom_patches

rootkitXP

office_crack

nuke2004

with a file extension of:

.pif

.scr

.bat

.exe

This worm is designed to attack all current versions of Windows but does not affect DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x based systems.

Get complete instructions on protection and removal from Symantec at:

<a href= "http://www.sarc.com/avcenter/venc/data/w32.novarg.a@mm.html"> http://www.sarc.com/avcenter/venc/data/w32.novarg.a@mm.html</a>

Note: The attachment may have two suffixes. If so, the first suffix will be one of the following:

.htm .txt .doc

The worm will always end with one of the following suffixes:

.pif .scr .exe .cmd .bat .zip

Author

Posted by Michal of Data Doctors on January 27, 2004

Personal Services | Business Services | Radio Show | Free Help Center | Franchising | About Us | Sitemap

Business Network Solutions | Computer Data Recovery | Computer Franchises | Computer Hardware Repair | Computer Help | Computer Network Support | Computer Problems | Computer Repair | Computer Troubleshooting | Data Recovery | Data Recovery Service | Data Recovery Services | Disk Recovery | File Recovery | Wireless Networking Solutions