New Mass Mailing Virus

Anti-virus vendors report the discovery of a new fast spreading email worm. The worm, named by anti-virus vendors as W32.NORVEG, W32/Mydoom@MM or WORM_MIMAIL.R, spreads by execution of an email file attachment. The virus may also spread by executing an infected file acquired through the KaZaa peer-to-peer file sharing program. The infection will permit remote operation of an infected computer by an unauthorized party. Windows operating systems are vulnerable to the virus.

An infected email may have a subject of: Test, Hi, Hello, Mail Delivery System, Mail Transaction Failed, Server Report, Status, or Error. The file attachment (22,528 bytes in size) may use a variety of names and name extensions (pif, scr, exe, cmd, bat, zip). You are encouraged to delete any email you receive with the above characteristics.

Please also be aware that this virus forges the From: line on randomly chosen email messages residing on infected computers. For this reason, you may receive a notification stating that you have sent an infected email message. If you receive such a notification and you have recently updated your anti-virus package, it is most likely that your email address was on an infected machine. Your computer probably is not infected.

Major antivirus vendors have released new updates to identify and remove infected attachments. Please update your anti-virus programs to protect your computers.

Additional references:

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html#threatassessment

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R