Fast Spreading Worm To Attack SCO

According to Symantec the W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. Network Associates is calling the worm W32/Mydoom@mm.

The worm will perform a denial of service attack (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files.

Taking advantage of the Kazaa P2P network, the worm will copy itself to the download folder of a computer with Kazaa installed and name itself something that may be of interest to potential downloaders.