F-Secure Raises ''Mydoom'' Virus to Alert Level-1; Windows Worm Launching World-Wide Attack Against SCO Website.Business Editors/High-Tech Writers SAN JOSE, Calif.--(BUSINESS WIRE)--Jan. 26, 2004 F-Secure is warning email users around the world about a new Windows worm which is spreading rapidly. The new worm, known as Mydoom or Novarg, is spreading through email attachments and Kazaa file sharing networks. The worm has launched a world-wide denial-of-service attack from every infected computer against the website of SCO (The SCO Group, Lindon, UT, www.sco.com) A leading vendor of Unix operating systems for the x86 platform. SCO had also offered Linux, but abandoned the line in the spring of 2003. The SCO Group is the combination of two companies: Utah-based Caldera, Inc. , one of the largest Unix vendors in the world. However, the WWW WWW or W3: see World Wide Web. (World Wide Web) The common host name for a Web server. The "www-dot" prefix on Web addresses is widely used to provide a recognizable way of identifying a Web site. .SCO.COM (1) (Computer Output Microfilm) Creating microfilm or microfiche from the computer. A COM machine receives print-image output from the computer either online or via tape or disk and creates a film image of each page. site seems to be still operational. There's been a lot of discussion about SCO after they claimed last December that the Linux operating system was violating SCO's intellectual property rights in UNIX technology. "There are a lot of kids out there who feel like SCO's attacking them," comments Mikko Hypponen, Anti-Virus Analyst at F-Secure Corporation. "Apparently one of them decided that it's OK to attack back." In addition to the denial-of-service attack, the worm also opens up a backdoor to infected computers by listening to TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. port 3176. This way the worm author can gain access to infected computers afterwards. The emails sent by the worm are fairly random: From: (random email address) To: (address of the recipient) Subject: (random words) Message body: (several different mail error messages, such as...) - Mail transaction failed. Partial message is available. Attachment: (with a textfile icon) - random name ending with ZIP, BAT, CMD CMD cerebromacular degeneration. , EXE Exe (ĕks), river, c.55 mi (90 km) long, rising in the Exmoor, Somerset, SW England, and flowing S across the Cornwall peninsula, past Exeter to the English Channel at Exmouth. , PIF (Program Information File) A data file in Windows 3.x and NT that stores window settings for DOS applications. It allows screen size, fonts and other options to be selected in order to customize the way the DOS app appears under Windows. or SCR (Sequence Control Register) See program counter. extension. When a user clicks on the attachment, the worm will start Notepad, filled with random characters and it will immediately start to spread further. NOTE TO EDITORS: Detailed technical descriptions of the worm as well as screenshots are available in the F-Secure Virus Description Database at http://www.f-secure.com/v-descs/novarg.shtml. F-Secure Anti-Virus can detect and stop the Mydoom worm. F-Secure Anti-Virus can be downloaded from http://www.f-secure.com. F-Secure will also be releasing a free tool which can be used to remove Mydoom from infected systems. About F-Secure F-Secure Corporation is the leading provider of centrally managed security solutions for the mobile enterprise. The company's award-winning products include antivirus and network security solutions for major platforms from desktops to servers and from laptops to handhelds. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since November 1999. The company is headquartered in Helsinki, Finland, with the North American headquarters in San Jose, California San Jose (IPA: /ˌsænhoʊˈzeɪ/) is the third-largest city in California, and the tenth-largest in the United States. It is the county seat of Santa Clara County. , as well as offices in France, Germany, Sweden, Japan and the United Kingdom and regional offices in the USA. F-Secure is supported by a network of value added resellers and distributors in over 90 countries around the globe. Through licensing and distribution agreements, the company's security applications are available for the products of the leading handheld equipment manufacturers, such as Nokia. Automatic Alert Notification: If you only wish to automatically receive our press releases concerning viruses, please go to: http://www.F-Secure.com/news/subscribe.html and first unsubscribe To cancel a service. It is often possible to unsubscribe to an e-mail service by typing the word "unsubscribe" into a reply message. Contrast with subscribe. See opt-out. from press-english-interest@lists.F-Secure.com and then subscribe to press-english-virus-announcement@lists.F-Secure.com. F-Secure is a registered trademark of F-Secure Corporation. PersonalExpress and Security as a Service are trademarks of F-Secure Corporation. All other company and product names may be trademarks of their respective owners. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion