Novarg

Virus name:   Novarg (aka MyDoom).

Status:   Real.

Origins:   Novarg is a mass-mailing worm that affects only Microsoft NT or Windows-based systems. It spreads over e-mail and the Kazaa P2P network.

It enters its victims' computers as an attachment bearing a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip. Once in place, the worm creates a "backdoor" into infected systems by opening TCP ports 3127 through 3198. That backdoor can potentially give an attacker the ability to use the subjugated computer to gain access to its network resources. If that's not bad enough, the backdoor has the ability to download and execute arbitrary files.

Novarg is programmed to let loose a denial of service attack against www.sco.com, the web site of the SCO Group, owners of the UNIX operating system, from 1 February through 14 February 2004. According to CNN:

    "Virus experts suggested MyDoom's author was a fan of the Linux open source community, because the bug, which targets computers running Microsoft Windows, launched a Denial of Service Attack on SCO's site. Utah-based SCO Group, owner of the UNIX operating system, claims some versions of the Linux operating system use its proprietary code."

Novarg-infected e-mails bear the following subject lines:
  • test
  • hi
  • hello
  • Mail Delivery
  • System Mail
  • Mail Transaction Failed
  • Server Report
  • Status
  • Error
The e-mail includes an attachment with an executable file and a body bearing a text statement such as:
  • The message contains Unicode characters and has been sent as a binary attachment.
  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
  • Mail transaction failed. Partial message is available.
Removal tools are available on F-Secure's web site (see below).
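
A mail-triage check built from the indicators listed above, as an added example that is not part of the original page. The scoring rule in is_suspect and the helper names are assumptions made for illustration, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above (compared in lower case).
SUBJECTS = {"test", "hi", "hello", "mail delivery", "system mail",
            "mail transaction failed", "server report", "status", "error"}
EXTENSIONS = (".bat", ".cmd", ".exe", ".pif", ".scr", ".zip")
BODY_PHRASES = (
    "the message contains unicode characters and has been sent as a binary attachment.",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment.",
    "mail transaction failed. partial message is available.",
)

def novarg_indicators(raw_bytes):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXTENSIONS):
            hits.append("attachment:" + name)
    body = msg.get_body(preferencelist=("plain",))
    # Collapse whitespace so re-wrapped lines still match.
    text = " ".join(body.get_content().lower().split()) if body else ""
    if any(phrase in text for phrase in BODY_PHRASES):
        hits.append("body")
    return hits

def is_suspect(raw_bytes):
    """Assumed rule: subjects like "hi" are common in normal mail, so require
    a listed attachment extension plus at least one more indicator."""
    hits = novarg_indicators(raw_bytes)
    return len(hits) >= 2 and any(h.startswith("attachment:") for h in hits)

def build_sample(subject, body, filename=None):
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    worm_like = build_sample("Mail Delivery", BODY_PHRASES[2], "document.zip")
    print(novarg_indicators(worm_like), is_suspect(worm_like))
```
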

Additional Information:
  • W32.Novarg.A@mm (Symantec)
  • MyDoom (F-Secure)
  • MyDoom (McAfee)
Last updated:   29 January 2008

Urban Legends Reference Pages © 1995-2014 by snopes.com.
 
Sources:
    Legon, Jeordan.   "Experts: Vicious Worm 'Linux War' Weapon."   CNN.   27 January 2004.