FYI Symantec Issues Category 4 Security Alert for Novarg/MyDoom
http://enterprisesecurity.symantec.com/symes553.cfm?JID=11&PID=8545983
A new email virus called MyDoom is spreading rapidly across the Internet through UNIX mail servers, bringing with it a dangerous attachment that, when opened, can give attackers access to users' computers through an electronic backdoor.
The attachment targets Windows users, who account for roughly 96 percent of all computer users, and the rate at which this virus is spreading matches that of SoBig.F, previously the fastest-spreading worm of all time. As with earlier email viruses, MyDoom doesn't spread by means of any technical chicanery, relying instead on the ignorance of users who double-click any messages they see in their Inboxes. Email users are thus advised not to open attachments from sources they can't verify.
The sheer amount of traffic generated by the virus has already brought down many networks, and some security experts now believe that attackers originally launched the virus as a Denial of Service (DoS) attack on SCO Group, the UNIX copyright holder that's now suing various Linux companies for copyright infringement. However, this attack is having the most dramatic effect on end users, many of whom are still surprisingly uninformed when it comes to the dangers of opening attachments. When users open MyDoom-tainted email attachments, their systems become infected--with two side effects. First, their systems send infected email to all the users in their address books. Second, the virus places a backdoor on their systems that attackers can later exploit.
MyDoom email is identified by text in the body of the email that reads, "The message contains Unicode characters and has been sent as a binary attachment." The subject lines and attachment names vary. Typical subject lines on infected messages include "Mail Delivery System" and "Mail Transaction Failed." The attachments often appear as .zip files (e.g., document.zip, message.zip, readme.zip) but can have virtually any extension, including .exe, .cmd, or .pif.
MyDoom is also identified as Novarg, Shimgapi, and W32/Mydoom.A@mm, depending on the source.
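The identifying traits described above can be turned into a simple mail-filter check. The following is an added example, not code from Symantec or the original alert; the function names, the quarantine policy (a flagged attachment plus the body or subject marker) and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Indicators taken from the alert text; matching is case-insensitive.
BODY_MARKER = ("the message contains unicode characters and has been "
               "sent as a binary attachment")
SUBJECTS = {"mail delivery system", "mail transaction failed"}
EXTENSIONS = (".zip", ".exe", ".cmd", ".pif")

def mydoom_indicators(msg):
    """Return which of the alert's indicators a parsed message matches."""
    hits = []
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:  # an attachment: check only its extension
            if name.lower().endswith(EXTENSIONS):
                hits.append("attachment:" + name.lower())
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            # Collapse whitespace so line wrapping cannot split the marker.
            text = " ".join(raw.decode("latin-1").lower().split())
            if BODY_MARKER in text:
                hits.append("body")
    return hits

def should_quarantine(msg):
    """Assumed policy: flagged attachment plus the body or subject marker."""
    hits = mydoom_indicators(msg)
    has_attachment = any(h.startswith("attachment:") for h in hits)
    return has_attachment and ("body" in hits or "subject" in hits)

def build_sample(subject, body, attachment=None):
    """Build a constructed test message; the attachment bytes are inert."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    marker = ("The message contains Unicode characters and has been sent "
              "as a binary attachment.")
    for m in (build_sample("Mail Transaction Failed", marker, "readme.zip"),
              build_sample("Lunch on Friday?", "See you at noon.")):
        print(m["Subject"], mydoom_indicators(m), should_quarantine(m))
```

Because the alert notes that subject lines and attachment names vary, the body text is the most stable of the three indicators, and a genuine bounce notice with a matching subject but no attachment is left alone.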