Origins: Novarg is a mass-mailing worm that affects only Microsoft NT or Windows-based systems. It spreads over e-mail and the Kazaa P2P network.
It enters its victims' computers as an attachment bearing a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip. Once in place, the worm creates a "backdoor" into infected systems by opening TCP ports 3127 through 3198. That backdoor can potentially give an attacker the ability to use the subjugated computer to gain access to its network resources. If that's not bad enough, the backdoor has the ability to download and execute arbitrary files.
Novarg is programmed to let loose a denial of service attack against www.sco.com, the web site of the SCO Group, owners of the UNIX operating system, from 1 February through 14 February 2004. According to CNN:
Virus experts suggested MyDoom's author was a fan of the Linux open source community, because the bug, which targets computers running Microsoft Windows, launched a Denial of Service Attack on SCO's site. Utah-based SCO Group, owner of the UNIX operating system, claims some versions of the Linux operating system use its proprietary code.
Novarg-infected e-mails bear the following subject lines:
Mail Transaction Failed
The e-mail includes an attachment with an executable file and a body bearing a text statement such as:
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
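The subject line, attachment extensions and body statements listed above can be combined into a mail-triage check. The Python below is an added example, not code from the original article or from any anti-virus vendor; the function names, the rule of requiring a listed attachment type plus one more trait, and the sample message are assumptions made for illustration.

```python
from email import message_from_string
# Indicators taken from the article text above.
SUBJECTS = {"mail transaction failed"}
EXTENSIONS = (".bat", ".cmd", ".exe", ".pif", ".scr", ".zip")
BODY_PHRASES = (
    "the message contains unicode characters and has been sent as a binary attachment",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment",
    "mail transaction failed. partial message is available",
)

def _norm(text):
    return " ".join(text.split()).lower()  # wrapped or re-cased text still matches

def novarg_indicators(raw):
    """Return the listed traits found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    hits = []
    if _norm(str(msg.get("Subject", ""))) in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = _norm(part.get_filename() or "")
        if name.endswith(EXTENSIONS):
            hits.append("attachment:" + name)
        elif part.get_content_type() == "text/plain" and not name:
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            if any(p in _norm(body) for p in BODY_PHRASES):
                hits.append("body")
    return hits

def is_suspect(raw):
    """Assumed rule: a bounce subject or a .zip alone is too common to act on."""
    hits = novarg_indicators(raw)
    return len(hits) >= 2 and any(h.startswith("attachment:") for h in hits)

# Constructed sample message (not a captured one).
SAMPLE = """\
Subject: Mail Transaction Failed
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

The message contains Unicode characters and has been sent as a binary attachment.
--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.pif"

(constructed placeholder, no payload)
--B--
"""
```

Calling `is_suspect(SAMPLE)` flags the constructed message, while a genuine bounce with no attachment or an ordinary message carrying only a .zip file is left alone.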
Removal tools are available on F-Secure's web site (see below).
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.