SR Web Resources - Web Site Design and Programming - Return to Homr Page Home Services We Offer How We Do Business Contact Us About SRWR Resources Client Portfolio
 Article:   W32.Novarg.A@mm - New Virus

Resources

Home > Resources > Articles > W32.Novarg.A@mm Virus - January / February 2004           

Site Map
Do Business with our
    Customers!
Useful Links
Internet News
Articles
In Memory
Resources Menu


Date: January 28, 2004 - MyDoom or Novarg Virus

Norton Antivirus / Symantec Warnings

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.


Note: We've seen it delivered with a .txt attachment. If it can come with a text "file extension" (.txt), it may also appear as a .doc, .jpg or .gif so you should be careful opening ANYTHING without KNOWING it is safe...
read on)

"The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004."

SR Web Resources Suggestions:

Suggestion #1 - Error to the over-cautious

Basically, don't open any attachments unless you have positively, beyond a doubt, identified the sender and that they legitimately sent it to you (email them separately or call them if you didn't already know it was coming)... but you knew that.... Even if you expected the attachment, save it to your c: drive and scan it for virus' with your protective software before opening or executing it (including downloaded software from a trustworthy site). See "Norton Antivirus / Symantec Notes" below.

Suggestion #2 - if you use the PREVIEW WINDOW option in Outlook:

  • Use PREVIEW WINDOW in the In Box sparingly (details following)
  • Do not use PREVIEW WINDOW in the DELETE Box at all
  • Two things to do to avoid 1) "reading" known junk emails and 2) to avoid viewing them in the PREVIEW WINDOW (which you should avoid whenever possible):
    • Avoid "reading" emails shown in the PREVIEW WINDOW
      • Brief description: Set your email options so that an email is not marked as "read" until it has shown in the PREVIEW WINDOW at least 30 seconds
      • Purpose: By doing this, even if an email shows in the PREVIEW WINDOW, it's not marked as read for 30 seconds so you have some time to do something with it before that time expires. But with messages that are highly suspect of being infected, it would be best to avoid allowing it to be shown in the PREVIEW WINDOW to be safe. See "Avoid viewing..." next.
      • Outlook > Tools > Options > Other > Preview Pane >
      • check "Mark messages as read in preview pane"
      • Put 30 in the "___" where it says: "Wait ___ seconds before marking item as read"
    • Avoid viewing junk emails as you process your incoming emails
      • Brief Description: A way to take the panic out of deleting junk emails without previewing them. The "Marker" email helps you delete emails while avoiding ever showing them in the PREVIEW WINDOW.
      • Purpose: By clicking the "Marker" email first and allowing it to show in the PREVIEW WINDOW, you can take your time CTRL-clicking the junk emails that need to be deleted, without previewing them. Keep the "Marker" email indefinitely and continue to regularly use it to help process new incoming emails.
      • Choose any small email you've received from a friend or known business acquaintance and edit it to change the "Subject: " to "MARKER - Use to DELETE spam emails..."
      • Place that email in your IN Box (and another just like it in your JUNK email folder if you receive emails there, too)
      • First select this "Marker" email (it will show in your preview window)
      • Now CTRL-CLICK each other message that you know to be junk (including ALL emails with an attachment you weren't expecting and other junk emails). You can take your time since you have a known safe email showing in your PREVIEW WINDOW.
      • Without ever opening the junk emails and without even showing them in your preview window, delete all of them (including the "Marker" email).
      • Go to your DELETE folder and move the "Marker" email back to the IN Box (or back to the JUNK email folder as the case may be).
      • Now permanently delete all messages in the DELETE folder
  • Again, we don't feel you will be infected by simply opening an email message. It seems that you have to click an attachment to get infected. Yet, to follow the suggestions of not opening/reading an infected message at all is the most secure and safest option, when possible.

Suggestion #3 - For our customers receiving emails via your Web site's Web Host that now shows "#SPAM#" in the "Subject:" of junk emails - a way to reduce the number of spam emails that reach your IN box.

Emails with "#SPAM#" in an email's subject were tested and met a certain spam criteria. If you find that those emails are consistently validly spam, you can let us know to set an "inbound rule" for you - establishing that those emails never even reach you. With that directive, they will be deleted and never sent to you.

Alternatively, they can be saved in a separate spam folder. With that, you can manually review and delete all that are validly junk. If they are not junk, we can edit the inbound rules to allow this email in the future.

If you choose to just delete the emails with "#SPAM#" in the subject, you do not have the option to get those emails back. So be sure that the tests are working in consistently identifying spam before you choose this option. This DOES NOT stop all spam or virus infected emails but it can greatly reduce the spam you receive.

Norton Antivirus / Symantec Notes

"Step 1: Read Critical Information" - gives general description, threat assessment and "basic security best practices recommendations"

"Step 2: Update Your Virus Definitions" - you should have protection on your pc. My choice is Norton Security but regardless of your choice, you should have the protection and sign up for the program where you can regularly download the latest virus definitions

"Step 3: Download Removal Tool"
(as well as Step 2 and 3 to take care of the situation, in the case that your pc is infected. It seems to be important to take care of it right away.

Important for us all to note (again, per Norton / Symantec):
"Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched."

Resources:

Article: http://news.com.com/2100-7349_3-5147605.html

Norton Antivirus / Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

Links to Other Related Articles - source: ZDNet

SR Web Resources Original Article on Avoiding An Email Virus (August 2003).

Let us know if you have any questions.

You should take action, right away, to remove the virus if you inadvertently open an attachment that is infected.

You must be careful. Unfortunately our instructions and links (Internet News) can not to be construed as all encompassing and/or fool-proof ways to avoid virus'. They are just meant to hopefully help avoid a painful experience with a virus. So remember to follow your gut feelings and error to the over-cautious side.

 


Home | What | How | Contact | Finders Fee | Resources | About | Site Map

       
       

Contact Us!

  
www.SRWebResources.com (srwr.com)     Susan Riding     Last Update: July 16, 2010
Flanders, NJ 07836    Mount Olive Township   Morris County, New Jersey
Classic ASP Developer     Web Site Design / Redesign    Web Graphics
Copyright © 1999-2008  SR Web Resources - All rights reserved