Re: [Full-Disclosure] W32.novarg.a - Highly distributed mass mailer

• Previous message: Kane Lightowler: "RE: [Full-Disclosure] Status"
• In reply to: Michael Skaff: "[Full-Disclosure] W32.novarg.a - Highly distributed mass mailer"
• Next in thread: Logan5: "RE: [Full-Disclosure] W32.novarg.a - Highly distributed mass mailer"
• Reply: Logan5: "RE: [Full-Disclosure] W32.novarg.a - Highly distributed mass mailer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Tue, 27 Jan 2004 13:39:29 +1300

Michael Skaff <michael@coolsign.com> wrote:

> Apologies if this is off topic, but I thought it merited posting, given the
> distribution.
>
> Norton has also tagged the same worm referenced in the previous posting from
> McAfee, but they're calling it Novarg. No details yet. We've seen a
> variety of file names and subject headers, although "Hi", "Hello" seem to be
> the most popular so far. "Text" "File" and "Message" seem to be popular
> file names. We are seeing ~25/hr @ the gateway, and rising.

You will see a lot more -- this seems to have gone ballistic...

BTW, NAV detecting it as "Novarg" and Trend as "Mimail.R" is just
another case of multiple labs working on the same massive outbreak
independently before realizing just how widespread it was (or at least
had realistic potential of reaching). I have heard from analysts at
Symantec that they will rename it Mydoor to be in keeping with the bulk
of the other developers, and Trend is pretty good about renaming things
in such situations, so I guess they will follow suit too.

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Kane Lightowler: "RE: [Full-Disclosure] Status"
• In reply to: Michael Skaff: "[Full-Disclosure] W32.novarg.a - Highly distributed mass mailer"
• Next in thread: Logan5: "RE: [Full-Disclosure] W32.novarg.a - Highly distributed mass mailer"
• Reply: Logan5: "RE: [Full-Disclosure] W32.novarg.a - Highly distributed mass mailer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]