Geekzone: technology news, blogs, forums
W32.Novarg.A@mm / W32/Mydoom@MM on the loose
Posted on 27-Jan-2004 11:54. | Tags Filed under: News.

Security firms are currently investigating a new mass-mailing worm. Initial submissions have been received with file extensions of .exe, .pif, .scr, and .zip. This virus tries to spread via email and by copying itself to the shared directory for Kazaa clients if they are present. The body of the message may contain the following variations:

  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
  • The message contains Unicode characters and has been sent as a binary attachment.
  • Mail transaction failed. Partial message is available.

The worm itself is encrypted, and security firms are still working on this. Some companies call it W32/Mydoom@MM and others W32.Novarg.A@mm.

When this file is run it copies itself to the local system with the following filenames:

    c:\Program Files\KaZaA\My Shared Folder\activation_crack.scr
    (Where %Sysdir% is the Windows System directory, for example C:\WINDOWS\SYSTEM)

It also uses a DLL that it creates in the Windows System directory:

    %SysDir%\shimgapi.dll (4,096 bytes)

It creates the following registry entry to hook Windows startup:

    CurrentVersion\Run "TaskMon" = %SysDir%\taskmon.exe

When the machine gets infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198. This will potentially allow a hacker to connect to the machine and utilize it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files. The worm will perform a DoS starting on 1 February 2004.
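For triage, the indicators above can be checked against data collected from a suspect machine. The following is an added example, not part of the original article or any vendor tool: it scans saved `netstat -ano` output for TCP listeners in the 3127 to 3198 range and checks a listing of the Windows System directory for the two file names given above. The function names and the sample data are constructed for illustration.

```python
import re

# Indicators taken from the advisory text above.
BACKDOOR_PORTS = range(3127, 3199)               # TCP 3127 through 3198 inclusive
DROPPED_FILES = {"shimgapi.dll", "taskmon.exe"}  # names reported under %SysDir%

# One TCP listener row of Windows `netstat -an` / `netstat -ano` output.
# The PID column is optional; the local address may be IPv4 or bracketed IPv6.
_ROW = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(?:\s+(\d+))?\s*$", re.I
)

def backdoor_listeners(netstat_text):
    """Return (local_addr, port, pid) for each TCP listener in the backdoor range."""
    hits = []
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if m and int(m.group(2)) in BACKDOOR_PORTS:
            hits.append((m.group(1), int(m.group(2)), m.group(3)))
    return hits

def dropped_files(sysdir_listing):
    """Return advisory file names found in a %SysDir% listing (case-insensitive)."""
    return sorted(n.lower() for n in sysdir_listing if n.lower() in DROPPED_FILES)

# Constructed sample input, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1520
  TCP    10.0.0.5:3150          10.0.0.9:445           ESTABLISHED     1520
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       2044
  UDP    0.0.0.0:3130           *:*                                    1520
"""
SAMPLE_SYSDIR = ["KERNEL32.DLL", "SHIMGAPI.DLL", "notepad.exe"]

if __name__ == "__main__":
    for addr, port, pid in backdoor_listeners(SAMPLE_NETSTAT):
        print(f"listener in backdoor range: {addr}:{port} (pid {pid})")
    for name in dropped_files(SAMPLE_SYSDIR):
        print(f"advisory file name present in system directory: {name}")
```

A listener in this range is a lead rather than proof of infection, so confirm it against the file and registry indicators before acting.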
