Mass-mailing worm (W32.Novarg.A@mm) on the loose - 1-26-04!
This question was answered on January 27, 2004. Much of the information contained herein may have changed since posting.
W32.Novarg.A@mm is a level 4 mass-mailing worm that has hit the net like a ton of bricks It generally arrives as an attachment to e-mail with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip If you open an infected attachment, a backdoor program will be installed into the system that will allow a remote attacker to access and make use of the computer.
The email message has the following characteristics:
From: Usually a spoofed 'from' address, meaning that the address used is not the actual sender..
DO NOT BLAME THE SENDER, AS THEY ARE AN INNOCENT PARTY TO THE WORM!
Subject: (Generally one of the following)
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error
Message: (Generally, one of the following)
Mail transaction failed Partial message is available
The message contains Unicode characters and has been sent as a binary attachment
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Attachment: (Generally one of the following)
document
readme
doc
text
file
data
test
message
body
This worm also copies itself to Kazaa download folders as one of the following files in an attempt to spread via the popular file sharing network:
winamp5
icq2004-final
activation_crack
strip-girl-2.0bdcom_patches
rootkitXP
office_crack
nuke2004
with a file extension of:
.pif
.scr
.bat
.exe
This worm is designed to attack all current versions of Windows but does not affect DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x based systems
Get complete instructions on protection and removal from Symantec at:
<a href= "http://www.sarc.com/avcenter/venc/data/[email protected]"> http://www.sarc.com/avcenter/venc/data/w32.novarg.a@mm.html</a>
Note: The attachment may have two suffixes If so, the first suffix will be one of the following:
.htm .txt .doc
The worm will always end with one of the following suffixes:
.pif .scr .exe .cmd .bat .zip
About the author
Posted by Michal of Data Doctors on January 27, 2004
Need Help with this Issue?
We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!