Computer Advisory Notification

Home Table of Contents News Archive CANs Subscribe Products Services Promotions Pricing & Policies About Us Contact Us Links Search This Site Employee Intranet

CAN20040127a
Novarg.A/Mydoom Worm Outbreak

New Worm In Major Outbreak - Can Overload E-mail Servers, Open Backdoor Access To Computers, Execute Arbitrary Code

Dates & Revisions

  • Original CAN date: January 27, 2004
  • Latest revision: January 27, 2004

Systems Affected

  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows ME
  • Microsoft Windows NT
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
    •

Problem Overview

Already at major outbreak level within the last 24 hours, the Novarg.A worm (also known as Mydoom and Mimail.R) arrives as an e-mail attachment bearing the extension .bat, .cmd, .exe, .pif, .scr, or .zip. Once the attachment is opened, the worm opens several ports on your computer, allowing external hackers to connect to your computer and gain access to its network resources. Additionally, the worm has the ability to download and execute arbitrary files from the Internet, opening your computer to possible corruption/destruction of data.

The worm spreads by e-mailing itself to addresses it finds on an infected computer. This mass e-mailing activity has the ability to overload e-mail servers and reduce available bandwidth. Additionally, the worm tries to perform a denial-of-service (DOS) attack against www.sco.com, stealing further bandwidth from your Internet connection.

As if all this weren't bad enough, the worm also has been reported to have the capability to capture and transmit any keystrokes entered into the system, including credit card numbers and/or passwords.

Problem Details

For detailed technical descriptions of the problem, please review the following links:

Please note that the organizations controlling the content of the web sites referenced by these links may periodically update the information on their sites as new details about the severity of the threat become known.

What Should I Do?

You should immediately:

  • review the bulletins listed above and
  • delete any such e-mail which you receive without opening the attachment, and
  • update your anti-virus software with the latest available signature files.

What If I Am Unable To Fix The Problem?

If you are unable to correct these problems yourself or are unsure how to proceed, contact Logical Operators by clicking here and arrange to have one of our service technicians check your system and apply the corrections for you (standard service fees will apply). In addition to correcting the problem(s) listed in this CAN, our technicians can also test your system for thousands of other known threats which may be present on your system, make valuable recommendations on securing your system from future threats, and perform numerous other computing services.

Related Information:
 

Recent CAN Newsletters:
 

Recent CANs:

 

If You Are On A Managed Network...

If your computer is on a managed network, you should contact your network administrator before making any changes to your system to ensure that your changes will not conflict with other network services.

What Is A CAN?

You can read an overview of Computer Advisory Notifications by visiting the CANs home page. Complete instructions on how to subscribe to the CANs mailing list (and how to unsubscribe) are also listed there.

If you know of other computer users who would find this information useful, please forward a link to this page or your original CANs e-mail to them.