[LayoutGuru2]

Some details from Symantec regarding today's W32.Novarg.A@mm email worm:

Copies itself to KaZaA download directory as one of the following files:

• winamp5
• icq2004-final
• activation_crack
• strip-girl-2.0bdcom_patches
• rootkitXP
• office_crack
• nuke2004

[swarthyguy]

Bump. a widespread fast spreading net attack.

Something to raise paranoia, if even "just" hackers, not jihadis.

[LayoutGuru2]

Additional details from Symantec regarding the W32.Novarg.A@mm (aka Mydoom) email worm:

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates.

---

Notes:

• While the worm will stop spreading on February 12, 2004, the backdoor component will continue to function after this date.

From TrendMicro:

If the system date is later than February 12, 2004, this worm discontinues running all of its routines except its backdoor functionalities.

This worm is packed under UPX. Besides being compressed, the strings inside its body are encrypted.