New worm avoids feds for now

A new mass-mailing computer worm that began rapidly spreading throughout the Internet Jan. 26 apparently avoids targeting the e-mail addresses of government agencies, military facilities and large software companies, according to a security expert at a leading antivirus firm.

The worm -- known as MyDoom, W32.Novarg.A@mm, Shimgapi or as a variant of the MiMail worm -- is an encrypted program that creates a mass-mailing of itself, which may clog mail servers or degrade network performance.

By avoiding federal sites and large software companies, the worm's author could be "attempting to get lead time before antivirus definitions" are written to block the worm, said Alfred Huger, senior director of engineering with Symantec Security Response, a unit of Symantec Corp. that tracks and responds to virus outbreaks. If the worm started attacking .mil and .gov e-mail addresses as well as antivirus vendors, then signatures could be written to thwart it much sooner, he said. Symantec and other leading antivirus vendors have pushed out software updates to customers to help protect against the worm.

A likely target appears to be The SCO Group, a provider of Unix software based in Lindon, Utah. SCO has stirred emotions in the Linux community by claiming that important pieces of the open-source operating system are covered by SCO's Unix copyright.

The worm is programmed to instruct infected PCs to send a flood of bogus traffic, or a denial-of-service attack, to SCO's Web server Feb. 1 through Feb. 12. The worm can also drop a backdoor program onto a PC, allowing an intruder to take control of the machine, Huger said.

Although Novarg is comparable to other mass-mailing worms such as Sobig and MiMail, the latest worm is "written a little more robustly," Huger said. Other worms require either a mail server to be present on a network or access to a Domain Name System server to spread. This one "comes with both pieces of functionality written in it," he said.

Novarg arrives with an attachment with an .exe, .scr, .zip, or .pif extension and a subject line of "Mail Delivery System," "Test" or "Mail Transaction Failed."
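As an added illustration (not part of the original article and not any vendor's signature), a mail-gateway check can triage messages against the subject lines and attachment extensions listed above. The function names, the quarantine/review/pass tiers and the sample messages are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators as listed in the article; everything else here is hypothetical.
SUBJECTS = {"mail delivery system", "test", "mail transaction failed"}
EXTENSIONS = (".exe", ".scr", ".zip", ".pif")

def flagged_attachments(msg):
    """Return lower-cased attachment names whose final extension is listed."""
    names = []
    for part in msg.walk():  # walk() also reaches nested multipart parts
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXTENSIONS):
            names.append(name)
    return names

def classify(raw_bytes):
    """Return 'quarantine', 'review' or 'pass' for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    names = flagged_attachments(msg)
    if names and subject in SUBJECTS:
        return "quarantine"   # both indicators from the article match
    if names:
        return "review"       # extension alone is common, .zip especially
    return "pass"

def build_sample(subject, filename=None):
    """Construct a test message; the attachment bytes are harmless filler."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if filename:
        msg.add_attachment(b"constructed filler", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Mail Transaction Failed", "message.scr"),
                        ("Minutes", "Notes.ZIP"), ("Test", None)]:
        print(subj, fname, "->", classify(build_sample(subj, fname)))
```

Matching on the final extension also catches double-extension names such as `report.txt.pif`, while a listed subject with no attachment passes, since a subject like "Test" is common in legitimate mail.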

