[Dshield] FW: New MiMail variant is DDoS'ing SCO.com
tlarholm at pivx.com
Tue Jan 27 00:10:05 GMT 2004
From: Thor Larholm
Sent: Monday, January 26, 2004 4:04 PM
To: 'bugtraq at securityfocus.com'
Cc: 'ntbugtraq at listserv.ntbugtraq.com'
Subject: New MiMail variant is DDoS'ing SCO.com
MiMail.R, also known as W32/Mydoom@MM (McAfee), Novarg (F-Secure),
W32.Novarg.A@mm (Symantec), Win32.Mydoom.A (CA) and Win32/Shimg (CA), is
a polymorphic variant that collects/spams/forges email addresses using
its own SMTP engine, installs a backdoor (most likely for use by
spammers) and engages in a DDoS attack against SCO.com by routinely
sending 63 HTTP requests. It's sent as a ZIP attachment containing an
executable file with the file extension masked by numerous spaces.
McAfee is calling this a High Outbreak worm, which definitely fits the
bill according to the number of samples we are receiving.
Is the SCO.com DDoS an attempt at distraction from the fact that this
virus installs a proxy backdoor?
CA used to have a removal tool at
but it's no longer available.
Senior Security Researcher
24 Corporate Plaza #180
Newport Beach, CA 92660
thor at pivx.com
Phone: +1 (949) 231-8496
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
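
Added example, not part of the original post: a mail-gateway style check for the attachment trait described above, a ZIP entry whose executable extension is pushed out of view by a run of spaces. The extension list, the padding threshold and the function names are assumptions made for this illustration, and the sample archive is constructed inline with harmless text content.

```python
import io
import re
import zipfile

# Extensions Windows runs directly (illustrative list, an assumption).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
# A run of at least this many spaces before the final extension counts as
# padding (threshold is an assumption; tune it for your own mail flow).
MIN_PADDING = 5
PADDED = re.compile(
    r"^(?P<shown>.*?\S)(?P<pad> {%d,})\.(?P<ext>[A-Za-z0-9]+)$" % MIN_PADDING
)


def masked_executables(zip_bytes):
    """Return (visible_name, real_ext, pad_len) for each padded executable entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Only the last path component is what a user sees in a file list.
            name = info.filename.rsplit("/", 1)[-1]
            match = PADDED.match(name)
            if match and match.group("ext").lower() in EXECUTABLE_EXTS:
                findings.append(
                    (match.group("shown"), match.group("ext").lower(),
                     len(match.group("pad")))
                )
    return findings


def build_sample(names):
    """Build an in-memory ZIP of harmless text files (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed sample, not an executable")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(
        ["readme.txt", "document.txt" + " " * 40 + ".scr", "setup.exe"]
    )
    for shown, ext, pad in masked_executables(sample):
        print(f"masked entry: shows as {shown!r}, real extension .{ext}, "
              f"{pad} padding spaces")
```

The check looks only at entry names, so it works on attachments without extracting or executing anything.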