I-Worm.Novarg (Kaspersky Lab)   Mydoom (F-Secure)   W32/Mydoom@MM (McAfee Security)   W32/MyDoom-A (Sophos)   W32/MyDoom.A-mm (MessageLabs)   W32.Novarg.A@mm (Symantec)   WORM_MIMAIL.R (Trend Micro)  Security advisories:   Computer Associates   F-Secure   Kaspersky Lab   McAfee Security   MessageLabs   Sophos   Symantec   Trend Micro  Free standalone removal tools:   Computer Associates   F-Secure   McAfee Security   Sophos   Symantec

Just a day after being discovered, it was crippling e-mail systems worldwide, flooding users' inboxes with potentially dangerous messages and getting ready to attack The SCO Group.

That's the MyDoom worm, also known as Novarg. First spotted on January 26, 2004, this mass-mailing worm arrives in an e-mail attachment with a varying name and file extension .BAT, .CMD, .EXE, .PIF, .SCR or .ZIP. The sender's address is typically forged and could point to a person the user knows.

When a system is infected, MyDoom scours local files for e-mail addresses and sends a copy of itself to those uncovered. Meanwhile, the worm installs a potentially dangerous backdoor and a keylogger on the infected system, which could be used to compromise computer security and personal information such as credit card numbers and other private details. The only visible sign of infection is a Notepad window with undecipherable text contents which usually pops up on Windows' desktop.

Strongly contributing to its massive distribution rate, the virus makes a copy of itself in the shared folder of popular peer-to-peer application Kazaa, getting a foothold in the most widely used file-swapping system in the world. In addition, MyDoom prepares to launch a Denial of Service (DoS) attack on February 1, 2004 against the web site of Utah-based software company The SCO Group Inc. Last year, SCO launched a multibillion dollar litigation campaign against the open-source community, challenging the intellectual property claims of the Linux operating system.

The worm has already gotten a place in the history as one of the fastest spreading and farthest reaching worms ever invented. Yet MyDoom is programmed to stop propagating on February 12, 2004.

Svetlozar Online advises all users of Windows operating systems to immediately update the virus definitions of their antivirus products, or as a temporary solution, to cease opening all sorts of e-mail attachments regardless of the apparent source.