Full Disclosure mailing list archives
Re: W32.novarg.a - Highly distributed mass mailer
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 27 Jan 2004 13:39:29 +1300
Michael Skaff <michael () coolsign com> wrote:
Apologies if this is off topic, but I thought it merited posting, given the distribution. Norton has also tagged the same worm referenced in the previous posting from McAfee, but they're calling it Novarg. No details yet. We've seen a variety of file names and subject headers, although "Hi", "Hello" seem to be the most popular so far. "Text" "File" and "Message" seem to be popular file names. We are seeing ~25/hr @ the gateway, and rising.
You will see a lot more -- this seems to have gone ballistic... BTW, NAV detecting it as "Novarg" and Trend as "Mimail.R" is just another case of multiple labs working on the same massive outbreak independently before realizing just how widespread it was (or at least had realistic potential of reaching). I have heard from analysts at Symantec that they will rename it Mydoor to be in keeping with the bulk of the other developers, and Trend is pretty good about renaming things in such situations, so I guess they will follow suit too. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- W32.novarg.a - Highly distributed mass mailer Michael Skaff (Jan 26)
- Re: W32.novarg.a - Highly distributed mass mailer Nick FitzGerald (Jan 26)
- RE: W32.novarg.a - Highly distributed mass mailer Logan5 (Jan 26)
- RE: W32.novarg.a - Highly distributed mass mailer Nick FitzGerald (Jan 26)
- RE: W32.novarg.a - Highly distributed mass mailer Logan5 (Jan 26)
- Re: W32.novarg.a - Highly distributed mass mailer Nick FitzGerald (Jan 26)