[LayoutGuru2]

Additional details from Symantec regarding the W32.Novarg.A@mm (aka Mydoom) email worm:

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates.

---

Notes:

• While the worm will stop spreading on February 12, 2004, the backdoor component will continue to function after this date.

From TrendMicro:

If the system date is later than February 12, 2004, this worm discontinues running all of its routines except its backdoor functionalities.

This worm is packed under UPX. Besides being compressed, the strings inside its body are encrypted.

[eastforker]

OK LG2, for those of us who nly know how to point and click what does this mean, is it a reality? Can it be stopped? Tech deficiant minds want to know.

[oceanview]

that DoS comment is not good. That last Nachi virus was (many of us at work believe this becasue we saw how it behaved) one of the reasons for the big blackout. Clogged LANs and servers stopped correct alarm information from coming to operator terminals. this is just my personal opinion.

[JustPiper]

Went to Trend did their free offer and glad to say obviously my two virus protectors are doing just that -g-