
Mydoom / Novarg Virus


Pave Low


As many of you know, there is a new virus out that is currently infecting machines all over the place and is on course to be the "largest virus outbreak in months".

It is known by one of the following aliases:

  • Mydoom
  • Mimail.R
  • Novarg.A
  • Shimg
  • W32.Novarg.A@mm
  • W32/Mydoom@MM

My mother received an infected e-mail just a few hours ago but fortunately Norton Anti-Virus stopped it dead. :thumbsup:

So to those of you with decent AV software, I recommend you update your signature files asap before downloading any e-mail.

Full Virus Details can be found here > Symantec or here > Sophos

A less technical article can be found at the BBC News page or at CNN news page

Link to comment

The new virus, which has the aliases of MyDoom or Novarg, arrives as an attachment with an .exe, .scr, .zip or .pif extension and can have a subject line of "test" or "status." Another recent virus purports to be from Microsoft and instructs people to click on the attachment to install a security upgrade. Microsoft do not send out such e-mails and the 'upgrade' contains a virus.

Link to comment
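Added example, not part of any post in this thread: a mail-triage check built only on the indicators the post above lists (the four attachment extensions and the two subject lines). The verdict names, the `build_sample` helper and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Indicators exactly as listed in the post above.
RISKY_EXTENSIONS = (".exe", ".scr", ".zip", ".pif")
BAIT_SUBJECTS = {"test", "status"}

def attachment_names(msg):
    """Collect the declared filename of every MIME part that has one."""
    return [name.strip() for part in msg.walk() if (name := part.get_filename())]

def triage(raw_message):
    """Classify one raw message. The From header is never consulted:
    as noted elsewhere in this thread, the worm forges it."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip().lower()
    risky = [n for n in attachment_names(msg)
             if n.lower().endswith(RISKY_EXTENSIONS)]
    if risky and subject in BAIT_SUBJECTS:
        verdict = "quarantine"   # extension and subject both match the post
    elif risky:
        verdict = "hold"         # extension alone: .zip is common in clean mail
    else:
        verdict = "deliver"
    return {"verdict": verdict, "subject": subject, "risky_attachments": risky}

def build_sample(subject, filename=None):
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "someone.you.know@example.org"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    if filename:
        m.add_attachment(b"placeholder, not a real payload",
                         maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_string()

if __name__ == "__main__":
    samples = [("Status", "README.SCR"), ("Holiday pictures", "photos.zip"),
               ("status", "notes.txt"), ("test", None)]
    for subject, filename in samples:
        result = triage(build_sample(subject, filename))
        print(f"{result['verdict']:<10} subject={subject!r} attachment={filename!r}")
```
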

In brief, this worm scans your local files for email addresses, harvests them, attempts to send itself to those email addresses, and also leaves a "back door" on your system.

Its most obvious "function" is providing a DDoS attack on SCO's webserver.

Link to comment

I couldn't figure out a quick check to see if your machine is infected. I am getting so many through the mail, and so many bounced to me that I am wondering. AVG came up clean. Is there a certain file we can search for in a certain folder to know if we have it?

Link to comment

There is... below is the message I got at work...

Mydoom is a highly pervasive new computer worm (a program that makes copies of itself by using e-mail or any number of other methods) that is attacking computers worldwide.

This worm arrives at your PC in one of two ways:

1) P2P file sharing. The worm can spread to your PC if you access Internet file sharing networks, like Kazaa, or many web chat programs that use ICQ.

2) Via email attachment. The subject line/name/extension all vary. It "spoofs" the from name, so it may arrive in an email from someone you know. (This also means that someone else may also get the virus with your name in the "from" line, but that doesn't mean the virus was sent by you. It simply means your address was in someone's address book who had the virus and it used those addresses when it replicated).

What you can do for your home PC:

The best thing you can do is to update your anti-virus program and do not open email attachments, even if the sender name is familiar to you. One way to look for the worm is to go to Start, Search, and look for the file shimgapi.dll on your local C drive. If you find the file, you have the worm.

Link to comment
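Added example, not part of the quoted work message: a scripted form of the Start > Search check for `shimgapi.dll` described above, matching the name case-insensitively and recording directories it could not read. The function name, the returned fields and the default root are assumptions made for this example.

```python
import os
import sys
from datetime import datetime, timezone

INDICATOR = "shimgapi.dll"  # file name given in the post above

def find_indicator(root, name=INDICATOR):
    """Walk `root` and return (hits, unreadable).

    hits       -- one dict per file whose name equals `name`, compared
                  case-insensitively as Windows file names are
    unreadable -- directories the walk could not list, so a result with
                  no hits can be qualified rather than taken as complete
    """
    wanted = name.lower()
    hits, unreadable = [], []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error, followlinks=False):
        for fn in files:
            if fn.lower() != wanted:
                continue
            path = os.path.join(dirpath, fn)
            try:
                st = os.stat(path)
                size = st.st_size
                modified = datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat()
            except OSError:
                size = modified = None  # listed but not statable; still report it
            hits.append({"path": path, "size": size, "modified_utc": modified})
    return hits, unreadable

if __name__ == "__main__":
    # Default root is the local C drive, as in the post; pass another path to override.
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    hits, unreadable = find_indicator(root)
    for h in hits:
        print(f"FOUND {h['path']} size={h['size']} modified={h['modified_utc']}")
    print(f"{len(hits)} hit(s), {len(unreadable)} unreadable directories under {root}")
    sys.exit(1 if hits else 0)
```

A result with no hits only covers the directories that could be listed; the unreadable count shows how much of the drive was skipped.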

Bah, just got one of them flippin emails. Why must people invent this crap.<_<

One? Geez, I get 50 a day.

And it's not so much the people that invent them that really bug me, it's the fools who open them that are the problem. :wall::wall::wall::wall:

Link to comment

Sart, can you forward it to me?

I haven't received one of 'em at my personal account. I wanna test my high-tech Anti-Virus thingymabob. :ph34r:

Feel the wub.

@ Rocky

I completely agree with you. You don't know how frustrating it is to tell someone not to open emails/attachments from senders they don't recognize, only to receive a call from them 10 minutes later wondering why their Anti-Virus software popped up, informing them they had a virus attached to the email they just opened! :wall:

Link to comment

Sart, can you forward it to me?

I can't, I was joking about the whole forward thing, I deleted the frick'n thing soon as I got it. :ninja:

I love the fact that the email was from me, nice touch, I haven't sent any email in over a week. :lol:

Link to comment

Probably not the real Bajabravo mate. When Sobig-F was at its worst I got mails from what seemed to be from a number of different GR.net members, including one from Baja and Rocky himself. They were all from hotmail accounts though. I know this virus faked an addy but what I can't understand was how it could fake an addy so it showed up like it was from someone I knew from the forum. :wacko:

Link to comment

Most of these virus writing A-Holes don't want to get caught, so they piggyback an email address that they stole from a previous virus they sent out when they were stealing address books earlier in the year last year. We all remember that.

IP addys and email addys aren't proof of anything anymore without sophisticated software, a hell of a computer, and the knowledge to put them both to good use.

Link to comment