[Dshield] FW: New MiMail variant is DDoS'ing SCO.com
jim.clausing at acm.org
Tue Jan 27 00:25:23 GMT 2004
Anyone have more info on the DDoS of sco.com? This is the first I
noticed mention of that.
On or about Mon, 26 Jan 2004, tlarholm at pivx.com pontificated thusly:
> -----Original Message-----
> From: Thor Larholm
> Sent: Monday, January 26, 2004 4:04 PM
> To: 'bugtraq at securityfocus.com'
> Cc: 'ntbugtraq at listserv.ntbugtraq.com'
> Subject: New MiMail variant is DDoS'ing SCO.com
> MiMail.R, also known as W32/Mydoom@MM (McAfee), Novarg (F-Secure),
> W32.Novarg.A@mm (Symantec), Win32.Mydoom.A (CA) and Win32/Shimg (CA), is
> a polymorphic variant that collects/spams/forges email addresses using
> its own SMTP engine, installs a backdoor (most likely for use by
> spammers) and engages in a DDoS attack against SCO.com by routinely
> sending 63 HTTP requests. It's sent as a ZIP attachment containing an
> executable file with the file extension masked by numerous spaces.
> McAfee is calling this a High Outbreak worm, which definitely fits the
> bill according to the number of samples we are receiving.
> Is the SCO.com DDoS an attempt at distraction from the fact that this
> virus installs a proxy backdoor?
> CA used to have a removal tool at
> but it's no longer available.
> More information:
> Thor Larholm
> Senior Security Researcher
> PivX Solutions
> 24 Corporate Plaza #180
> Newport Beach, CA 92660
> thor at pivx.com
> Phone: +1 (949) 231-8496
> PGP: 0x5A276569
> 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
> PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
> Qwik-Fix <http://www.qwik-fix.net>
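A mail-gateway check for the attachment trick described in the quoted advisory (an executable inside a ZIP whose extension is pushed out of view by a run of spaces). This is an added example, not part of the original messages; the extension list, the padding threshold and the function names are assumptions.

```python
import io
import re
import zipfile

# Extensions Windows will execute directly (assumed list for this example).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
# A run of whitespace long enough to push the real extension out of view
# in a narrow file-name column (threshold is an assumption).
MIN_PAD = 5

_PADDED = re.compile(r"\s{%d,}\.([A-Za-z0-9]+)\s*$" % MIN_PAD)


def masked_executables(zip_bytes):
    """Return names of ZIP members whose executable extension is hidden
    behind a long run of whitespace, e.g. 'doc.txt<spaces>.scr'."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Only the final path component is what the user sees.
            base = info.filename.rsplit("/", 1)[-1]
            m = _PADDED.search(base)
            if m and m.group(1).lower() in EXECUTABLE_EXTS:
                hits.append(info.filename)
    return hits


def build_sample(names):
    """Build a constructed in-memory ZIP with harmless text members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "placeholder")
    return buf.getvalue()
```

A plain `setup.exe` member is deliberately not reported here: the check targets only the whitespace masking, so a policy that blocks all executables in archives would sit alongside it.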