Worm creates possessed zombie army to attack SCO website!
 (English Version Only)
 
 Jan 29, 2004
		 
CommuniLink has received many reports of this worm in the wild.
 
Description

The MyDoom worm (also known as Novarg or Mimail-R) spreads via email, using a variety of technical-sounding subject lines and attachment names. If the attached file is launched and the worm is activated, it harvests the infected computer's hard disk for more email addresses to send itself to. The worm also opens a backdoor on infected computers, which allows hackers to gain access.
 
 
| Variant | Alias | Attachment |
| --- | --- | --- |
| Win32.Mydoom.A | ZIP.Mydoom.A, W32/Mydoom@MM (McAfee), W32.Novarg.A@mm (Symantec), Win32/Shimg.Worm, Win32/Shimg.zip.Worm | Data, Readme, Message, Body, Text, file, doc, document (.bat, .cmd, .pif, .exe, and .scr) |
| Win32.Mydoom.B | I-Worm.Mydoom.b (Kaspersky), W32/Mydoom.B@mm (F-Secure), W32/Mydoom.b@MM (McAfee), Win32/Mydoom.B.Worm, WORM_MYDOOM.B (Trend) | body, text, document, data, file, readme, message, doc (.bat, .cmd, .pif, .exe, and .scr) |

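
The attachment names and extensions in the table above can be turned into a mail-gateway check. The following is an added example, not code from this advisory or from any vendor. The function names, the sample message and the padded-extension case are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Attachment base names and extensions taken from the table above (A and B variants).
BASE_NAMES = {"data", "readme", "message", "body", "text", "file", "doc", "document"}
EXTENSIONS = {"bat", "cmd", "pif", "exe", "scr"}


def matches_mydoom_naming(filename):
    """True if the name pairs a listed base name with a listed final extension."""
    # Drop any path prefix a client may have left in, then normalise case.
    leaf = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    parts = [p.strip() for p in leaf.split(".")]
    if len(parts) < 2:
        return False
    # Compare first component and last extension, so a padded decoy such as
    # "readme.txt      .pif" (assumed case, not from the page) still matches.
    return parts[0] in BASE_NAMES and parts[-1] in EXTENSIONS


def suspicious_attachments(msg):
    """Return attachment filenames in a parsed message that fit the pattern."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # filename from Content-Disposition, if any
        if name and matches_mydoom_naming(name):
            hits.append(name)
    return hits


def build_sample():
    """Constructed test message: one matching and two non-matching attachments."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("constructed body text")
    for fname in ("Document.SCR", "report.pdf", "invoice.exe"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    # Round-trip through bytes, as a gateway would see it on the wire.
    return message_from_bytes(m.as_bytes())


if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

The rule flags only the naming pattern listed for these two variants; it does not inspect attachment contents.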
Win32.Mydoom.A
 
Between the 1st and 12th February 2004, the worm will attempt a denial-of-service attack against www.sco.com, sending numerous GET requests to the web server.
 
After the 12th February W32/MyDoom-A will no longer spread, due to an expiry date set in the code. It will, however, still run the backdoor component.
  
Win32.Mydoom.B
 
Between the 1st February and 1st March 2004, there is a 20% chance that the worm will attempt a denial-of-service attack against www.sco.com, sending numerous GET requests to the web server. Between 3rd February and 1st March 2004, there is a 30% chance that the worm will attempt the same denial-of-service attack against www.microsoft.com.
 
After the 1st March W32/MyDoom-B will no longer spread, due to an expiry date set in the code. It will, however, still run the backdoor component.
  
Solution
 
New virus definitions are available from anti-virus vendors to detect and remove this virus.
 
If you do not have an anti-virus program installed, you can download the following removal tools to clean it.
 
Sophos
W32/MyDoom-A - http://www.sophos.com/support/disinfection/mydooma.html
W32/MyDoom-B - http://www.sophos.com/support/disinfection/worms.html

McAfee
W32/Mydoom@MM - http://vil.nai.com/vil/legend.htm#Removal_Instructions

Symantec
W32.Novarg.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mydoom.B@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]#removalinstructions
 
Related Link(s)   
For more information, please refer to the following websites. 
 
Win32.Mydoom.A - Information from Computer Associates
Win32.Mydoom.B - Information from Computer Associates
Information from McAfee
Win32.Mydoom.A - Information from Sophos
Win32.Mydoom.B - Information from Sophos
W32.Novarg.A@mm - Information from Symantec
W32.Mydoom.B@mm - Information from Symantec
 
 
 
 News Contact
 
Service Hotline: (852) 2998 0808
Fax: (852) 29977800
 Email: [email protected]
 
 
 