New DOOM worm spreading rapidly and delivers DOS on the folks at SCO
SCO knocked into submission by DoS from DOOMed computers
01-26-2004 10:29:17 PM CST -- by Robert Lemos for CNET's News.com


A mass-mailing virus that quickly spread around the Internet on Monday is compromising computers so they attack the SCO Group's Web server with a flood of data, according to antivirus companies. The virus — known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies — arrives in an in-box with one of several different random subject lines such as “Mail Delivery System,” “Test” or “Mail Transaction Failed.” The body of the e-mail contains an executable file and a statement such as: “The message contains Unicode characters and has been sent as a binary attachment.” “It's huge,” said Vincent Gullotto, a vice-president in security software maker Network Associates' antivirus emergency response team. “We have it as a high-risk outbreak.” In one hour, Network Associates itself received 19,500 e-mails bearing the virus from 3,400 unique Internet addresses, Mr. Gullotto said. One large telecommunications company has already shut down its e-mail gateway to stop the virus.

Once the virus infects a PC, it installs a program that allows the computer to be controlled remotely. The PC then starts sending data to the SCO Group's Web server, a Symantec spokesman said. The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims. SCO technicians couldn't immediately confirm that a denial-of-service attack had begun. By 4 p.m. PST, the company's Web site was slow to load, a SCO spokesperson acknowledged, but the site was still accessible from the World Wide Web. SCO's Web site was taken offline by such denial-of-service attacks a handful of times in the last year. In the past, the company has blamed Linux sympathizers for at least one of the attacks.

Antivirus companies were scrambling on Monday afternoon to learn more about the virus, which started spreading about noon PST. “A lot of the information is encrypted, so we have to decrypt it,” said Sharon Ruckman, a senior director in antivirus software maker Symantec's security response centre. Symantec has had about 40 reports of the virus in the first hour, a high rate of submission, Ms. Ruckman said.....continued....

Click here to continue reading this story at CNET's News.com

Here are some other stories on this latest worm...

• Novarg e-mail worm spreading fast - Houston Chronicle
• Speedy Worm Invades E-Mail In-Boxes - Yahoo! US
• Antivirus companies say latest e-mail worm spreading fast - Anchorage Daily News, Alaska
• Computers attacked by serious new virus - New Zealand Herald
• Fast-Spreading Worm Spells Doom - PC World
• Latest e-mail worm spreading fast - Minneapolis Star Tribune, Minnesota
• New "Mydoom" worm launching a world-wide attack - F-Secure - New Virus Descriptions
• MyDoom worm spreads widely across internet, Sophos warns users to be wary of viral... - Sophos
• New mass mailing E-mail worm spreading quickly - CTV.ca
• PC virus spreads quickly, whacks SCO - The Globe And Mail
• Virus Alert: Network Associates(R) McAfee AVERT Places High Risk Outbreak Assessment on New
• W32/Mydoom@mm...
• MyDoom computer worm spreading quickly - SiliconValley.com
• Fast-Moving Virus Launches DDoS on SCO - Netcraft
• Today's Windows Virus - MyDoom / Novarg - Slashdot
• MyDoom virus hammering Windows systems - NewsForge
• MyDoom E-Mail Worm Spreading Quickly - eWeek
• Mydoom worm spreading rapidly - ComputerWorld
• E-mail worm, Mydoom, spreading rapidly - InfoWorld
• Symantec says new worm can attack SCO website - Sydney Morning Herald
• Malicious Software Report - W32/MyDoom - UNIRAS

• the folks at Sophos
• the folks at McAfee
• the folks at Symantec who called this one NovRag ???
• the folks at Computer Associates
• the folks at F-Secure