Symantec Security Response - W32.Novarg.A@mm (also known as Novarg, Shimgapi, W32/Mydoom@MM and Win32/Shimg) update
Symantec Security Response continues to track W32.Novarg.A@mm (also known as Novarg, Shimgapi, W32/Mydoom@MM and Win32/Shimg) and has noticed significant new activity surrounding the threat:
Symantec's Threat Management System is seeing activity targeting port 3127. This indicates that attackers have begun scanning for, and are potentially compromising, infected systems. They are targeting the backdoor on this port, which can allow them to upload new malicious code, use the infected system to launch further attacks, and forward spam email. To date, Symantec has seen 2,000 unique sources scanning for this port.
To date, Symantec Security Response has received 4,800 submissions of W32.Novarg.A@mm worldwide. In the last three hours, Symantec Security Response has witnessed a spike in submissions of W32.Novarg.A@mm, bringing the rate back up to 100-140 per hour. Prior to this spike, submissions had leveled off to 80 per hour in the last 15 hours. Symantec Security Response is continuing to research and monitor the spike.
Symantec Security Response has confirmed that there is a variant of W32.Novarg.A@mm, W32.MyDoom.B@mm, and has rated it a Level 2 threat. W32.MyDoom.B@mm is a mass-mailing worm that arrives as an attachment. It performs a denial-of-service attack on www.sco.com and www.microsoft.com and allows unauthorized remote access to the compromised host.
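The port 3127 scanning described above can be triaged from perimeter logs. The following is an added example, not Symantec's code: it counts unique sources probing port 3127 and flags internal hosts that the firewall let those probes reach. The key=value log format, the TCP protocol filter, the 10.0.0.0/8 internal range and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

BACKDOOR_PORT = 3127  # port named in the advisory
# Assumption: internal address space; adjust to the monitored network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
t=1 action=DROP proto=TCP src=203.0.113.5 dst=10.0.0.21 dpt=3127
t=2 action=DROP proto=TCP src=203.0.113.5 dst=10.0.0.22 dpt=3127
t=3 action=ACCEPT proto=TCP src=198.51.100.9 dst=10.0.0.40 dpt=3127
t=4 action=ACCEPT proto=TCP src=198.51.100.9 dst=10.0.0.41 dpt=80
t=5 action=DROP proto=TCP src=10.0.0.40 dst=10.0.0.50 dpt=3127
t=6 malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def is_internal(addr):
    """True if addr parses as an IP inside INTERNAL_NETS (ValueError if invalid)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def triage(log_text, port=BACKDOOR_PORT):
    """Return (probes, reachable, internal_sources) for traffic to `port`."""
    probes = defaultdict(set)  # source IP -> destinations it probed
    reachable = set()          # internal hosts the firewall let a probe reach
    internal_sources = set()   # internal hosts that are themselves probing
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            if fields["proto"] != "TCP" or int(fields["dpt"]) != port:
                continue
            src, dst = fields["src"], fields["dst"]
            src_internal, dst_internal = is_internal(src), is_internal(dst)
            action = fields["action"]
        except (KeyError, ValueError):
            continue  # skip malformed or incomplete lines
        probes[src].add(dst)
        if src_internal:
            internal_sources.add(src)
        if action == "ACCEPT" and dst_internal:
            reachable.add(dst)  # check this host for the backdoor first
    return probes, reachable, internal_sources
```

Hosts in `reachable` were only allowed through by the firewall, which does not prove the backdoor is present; they are the ones to inspect first.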