Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


W32.Novarg.A@Mm Upgraded To Level 4 Threat

News Release


New Mass-Mailing Worm Attempts to Launch a Denial-of-Service Attack Beginning February 1

Symantec, the world leader in Internet security, announced that it has upgraded the W32.Novarg.A@mm (also know as W32.Mydoom@mm) from a Level 3 to a Level 4 threat based on how fast the threat is spreading, the potential damage and the threat distribution. Additionally, the Symantec DeepSight Threat Analyst Team has increased the global ThreatCon from Level 1 to 2 due to the number of sample submissions Symantec has received and because of the malicious nature of the backdoor that the Trojan installed. Symantec’s ThreatCon rating provides a digital weather forecast of Internet Security.

Symantec Security Response is receiving submissions of W32.Novarg.A@mm at approximately the same rate it initially received submissions of Sobig.F@mm (discovered August 13, 2003). Yesterday, Symantec Security Response received more than 960 submissions of W32.Novarg.A@mm in a nine-hour timeframe.

Symantec customers can protect against W32. W32.Novarg.A@mm by updating their virus definitions through LiveUpdate. Additionally, the Worm Blocking technology found in the latest Symantec consumer products automatically detects this threat as it attempts to spread. Symantec Security Response encourages all users and administrators to adhere to basic security best practices.

About W32.Novarg.A@mm

W32.Novarg.A@mm is an encrypted mass-mailing worm that arrives as an attachment with a variety of different subject lines such as “hello,” “Mail Transaction Failed,” or “Test.” The attachment has one of the following extensions: .cmd, .exe, .scr., .zip, .pif, .bat, or .cmd. Once opened, the worm copies itself to the system folder as taskmon.exe and listens to all TCP ports in the range 3127 to 3198, allowing hackers to potentially send additional files to be executed by the infected systems.

The worm propagates by sending itself to addresses found in files with the extensions: .htm, .sht., .php, .asp, .dbx, .tbb, .adb., .pl, .wab, and .txt. It ignores addresses that end in .edu.

The worm will also attempt to perform a denial-of-service attack between Feb. 1 and Feb. 12, 2004 against The worm creates 64 threads that send HTTP “GET” requests to the SCO site. SCO is a provider of software solutions for small- to medium-sized businesses and replicated branch offices.

Additional information on W32.Novarg@mm can be found on Symantec’s Web site at

About Symantec

Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and email filtering, and remote management technologies and security services to enterprises and service providers around the world. Symantec’s Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries.


NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at on Symantec’s Web site.
Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

© Scoop Media

Business Headlines | Sci-Tech Headlines


Nurofen Promotion: Reckitt Benckiser To Plead Guilty To Misleading Ads

Reckitt Benckiser (New Zealand) intends to plead guilty to charges of misleading consumers over the way it promoted a range of Nurofen products, the Commerce Commission says. More>>


Half A Billion Accounts: Yahoo Confirms Huge Data Breach

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. More>>

Rural Branches: Westpac To Close 19 Branches, ANZ Looks At 7

Westpac confirms it will close nineteen branches across the country; ANZ closes its Ngaruawahia branch and is consulting on plans to close six more branches; The bank workers union says many of its members are nervous about their futures and asking ... More>>

Interest Rates: RBNZ's Wheeler Keeps OCR At 2%

Reserve Bank governor Graeme Wheeler kept the official cash rate at 2 percent and said more easing will be needed to get inflation back within the target band. More>>


Half Full: Fonterra Raises Forecast Payout As Global Supply Shrinks

Fonterra Cooperative Group, the dairy processor which will announce annual earnings tomorrow, hiked its forecast payout to farmers by 50 cents per kilogram of milk solids as global supply continues to decline, helping prop up dairy prices. More>>



Meat Trade: Silver Fern Farms Gets Green Light For Shanghai Maling Deal

The government has given the green light for China's Shanghai Maling Aquarius to acquire half of Silver Fern Farms, New Zealand's biggest meat company, with ministers satisfied it will deliver "substantial and identifiable benefit". More>>


Get More From Scoop

Search Scoop  
Powered by Vodafone
NZ independent news