FRAMINGHAM (01/28/2004) - Anti-virus vendors in Romania, Russia and the U.S. say they have identified a new variant of the mass-mailer worm known as MyDoom or Novarg, and warn that it is more dangerous than the original worm that appeared Monday.
According to Kaspersky Labs Ltd. and BitDefender Inc., the newly identified Novarg.B variant spreads via e-mail attachments, like its predecessor, and also travels via the KaZaA file-sharing network. According to Kaspersky Labs, the worm is about 28 kilobytes in size and contains the following text: "sync-1.01: andy: I'm just doing my job, nothing personal, sorry." Both BitDefender and Kaspersky say the Novarg.B variant is programmed to attack the Microsoft Web site in addition to the SCO Web site that the original MyDoom/Novarg targets.
Network Associates Inc. and Symantec Corp. say they are also examining sample code of the new variant and will soon issue findings on it.
The new variant may be making use of infected desktops to spread. Mihai Neagu, virus researcher at BitDefender, predicted that a new wave of infections of this mass mailer is likely. It appears to be far more dangerous than the original variant. According to Kaspersky Labs, the worm appears to modify the standard 'hosts' file in the Windows folder of the victim's desktop so that the user cannot access some sites, including security-related Web sites. The blocked sites appear to include www.f-secure.com, www.sophos.com, www.symantec.com, the www.nai.com site from Network Associates, the Kaspersky Web site, www.viruslist.ru, www.trendmicro.com, www.ca.com of Computer Associates International Inc. and several related FTP sites for security protections.
In addition, sites for DoubleClick Inc., FastClick and others are also blocked.
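The hosts-file change described above can be checked for on a desktop. The following Python sketch is an added example, not code from the vendors quoted here: it flags any hosts entry that overrides one of the security domains the article names. The sample file is constructed, and the "sinkholed" flag assumes the blocking is done by pointing a name at a loopback or unspecified address, which the article does not state.

```python
import ipaddress

# Security-vendor domains named in the article as blocked.
WATCHED = ("f-secure.com", "sophos.com", "symantec.com", "nai.com",
           "viruslist.ru", "trendmicro.com", "ca.com")

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each valid hosts entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a usable entry, skip it
        yield no, addr, [h.lower().rstrip(".") for h in fields[1:]]

def suspicious_entries(text, watched=WATCHED):
    """Return hosts entries that override resolution of a watched domain."""
    hits = []
    for no, addr, names in parse_hosts(text):
        for name in names:
            # Match the domain itself or any subdomain, but not "notca.com".
            if any(name == d or name.endswith("." + d) for d in watched):
                # Assumption: a block maps the name to loopback or 0.0.0.0.
                sinkholed = addr.is_loopback or addr.is_unspecified
                hits.append((no, name, str(addr), sinkholed))
    return hits

# Constructed sample hosts file (not taken from an infected machine).
SAMPLE = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     www.symantec.com
0.0.0.0     www.sophos.com ftp.sophos.com  # trailing comment
127.0.0.1   www.trendmicro.com
10.1.2.3    intranet.example.com
#0.0.0.0    www.f-secure.com
192.0.2.10  notca.com
"""

if __name__ == "__main__":
    for no, name, addr, sink in suspicious_entries(SAMPLE):
        print(f"line {no}: {name} -> {addr}" + (" (sinkholed)" if sink else ""))
```

On a Windows desktop the text to pass in is the contents of the hosts file itself; any hit for a vendor domain is worth investigating, since a clean hosts file has no reason to list those names.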
Anti-virus vendors are still analyzing whether a new signature update is required to block the virus. Network managers should therefore caution employees against opening file attachments known to carry MyDoom/Novarg, at least until a further determination about the nature of the new variant is made.