Security Basics mailing list archives

Re: Worm.SCO.A


From: Brian Keefer <chort () amaunetsgothique com>
Date: 27 Jan 2004 16:43:20 -0800

On Mon, 2004-01-26 at 14:38, Shawn Jackson wrote:
      Anyone else encountering this? I've just got hammered with a few
hundred of these in the last hour and a half and I can't quite discern
what exactly the virus is. There doesn't seem to be a map from ClamAV
virus naming format to any other. Anyone have a clue of what this virus
is?

It's MyDoom.A.  Sophos lists it as:

W32/MyDoom-A
Aliases Mimail.R, Novarg.A, Shimg, W32.Novarg.A@mm, W32/Mydoom@MM

More info is available on the usual sites.  In summary it does the
common "harvest e-mail addresses and remail myself" trick that we have
seen so many times now.  It also installs a backdoor for remote control,
readies itself to DDoS SCO's website, and according to some
(unsubstantiated, that I can tell) reports, it installs a keystroke
logger.

-- 
Brian Keefer, CISSP
Systems Engineer
CipherTrust Inc, www.CipherTrust.com

