According to Symantec the W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. Network Associates is calling the worm W32/Mydoom@mm.
The worm will perform a denial of service attack (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files.
Taking advantage of the Kazaa P2P network, the worm will copy itself to the download folder of a computer with Kazaa installed and name itself something that may be of interest to potential downloaders.
- AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities
- From pranks to nuclear sabotage, this is the history of malware
- Hackers modify ransomware to deliver a Coinhive cryptocurrency-mining payload
- Slingshot malware that attacks routers may be state-sponsored espionage tool
- How to remove Android malware from your phone or tablet