Latest Email worm has SCO-facing payload

Novarg / MyDoom declared critical

Going by the name of 'Novarg' or 'MyDoom', the latest mass-mailing worm to infest your in-tray is spreading at the same rate as SoBig, according to the anti-virus industry.

The worm also targets the SCO Group's corporate website, according to a Symantec alert. On Windows PCs, the worm creates 64 threads which will hit www.sco.com with GET requests, between February 1 and 12. It also copies itself to KaZaA's download directory, masquerading as a software executable: names include icq2004-final and winamp5.

Windows users should check for a file named shimgapi.dll in the system directory, and update their AV software.

For most users the major inconvenience will be the bandwidth consumed: the executable attachment is 22kb in size. For SCO, it represents a different problem. When the Blaster worm was primed to attack Microsoft's Windows Update servers, the company shut down for the duration of the attempted denial of service. ®

Related Stories

Blaster rewrites Windows worm rules [full coverage]
Sobig-F is dead
And now we are One. Many unhappy returns to SoBig
Sobig-F blamed for massive increase in spam
Sobig beats Blaster in Top of the Viral Pops
Sobig-F is fastest growing virus ever - official
Yahoo! variant! of! Microsoft! support! worm! spreading! rapidly!
Heavy squalls of blended worms to hit next year

Sponsored: Today’s most dangerous security threats