
New Mass Mailing Worm - W32/Mydoom@MM or W32.Novarg.A@mm

High Outbreak of New Mass Mailing Worm

McAfee calls it the W32/MyDoom@mm worm. Symantec has labeled it W32.Novarg.A@mm. Whatever it's called, it's nasty and it's spreading rapidly. Here's what you need to know:

The email address it appears to come from is spoofed. In the last hour, we've received over 30 of the infected emails -- all appear to have come from various financial institutions. Plus, we've gotten several return delivery failure notifications from entities who have received infected emails that spoof our return email address. These say "The contents of this message are corrupt. We cannot view this message."

The "Subject" line of the infected emails is random. This means it could say anything. Couple that with the fact that it may look like it is coming from a trusted source, and you've got trouble.

The email carries an attachment. In many cases the attachment is a zip file, but it may also be an exe, pif, cmd, or scr file.
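Because the sender and subject cannot be trusted, a mail filter has to judge the attachment itself. The sketch below is an added example, not code from McAfee, Symantec or the original alert: it flags the attachment types listed above and looks inside zip files for them. The function names, the sample addresses and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types named in the alert; .zip files are opened and their members checked.
RISKY_EXTS = (".exe", ".pif", ".cmd", ".scr")

def risky_zip_members(data):
    """Return member names with a risky extension; flag archives that cannot be read."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().rstrip(". ").endswith(RISKY_EXTS)]
    except zipfile.BadZipFile:
        return ["<unreadable zip>"]

def scan_message(raw):
    """Return quarantine reasons for a raw message. From and Subject are ignored."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        lowered = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
        if lowered.endswith(RISKY_EXTS):
            findings.append(f"executable attachment: {name}")
        elif lowered.endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            findings += [f"{name} contains {m}" for m in risky_zip_members(payload)]
    return findings

def make_zip(member):
    """Constructed sample: a zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless placeholder")
    return buf.getvalue()

def build_sample(filename, payload):
    """Constructed sample message; addresses and subject are made up."""
    m = EmailMessage()
    m["From"] = "accounts@bank.example"
    m["To"] = "user@example.org"
    m["Subject"] = "hi"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

An empty list from `scan_message` means no listed attachment type was found; it is not a verdict that the message is clean.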

Once your machine is infected, the worm opens a connection on TCP port 3127. This may indicate that it is attempting to attain remote access.

Because this worm was just discovered January 26, 2004, the virus protection companies are still doing tests on it to determine what its payload is and other details.

Be sure your virus protection is up to date.


McAfee Information on this Worm
Symantec Information on this Worm

First published on 01/26/04
