Norman ASA today has set the MyDoom.A worm at high risk and advices its customers to download the latest definition files to protected themselves against this new threat.

The main spreading function is by email but also propagates through Kazaa. The worm MyDoom.A searches through several types of files hunting for email addresses to send itself to.

The worm sends itself as an email attachment with either random letter combinations or the file names "Message", "Doc", "Test", "Body", "Data", "File", "Text", "Readme", "Document". A complete list of the different email characteristics is available at http://www.norman.no/Virus/Virus_descriptions/11728

Depending on a date trigger (between Feb 1st 2004 and Feb 12th 2004), the worm will perform a denial-of-service attack (by sending huge amounts of data requests to overload the site) against www.sco.com. If the site www.sco.com is found, a thread conducting a never ending series of data streams attempt to jam the internet site.

The worm will stop spreading on February 12th 2004. However, it will retain some backdoor functionality.

For all users of Norman Virus Control or Norman Internet Control this worm is detected and removed using definition files from Jan 27th 2004 and newer.

For further information www.norman.com.

For further information, please contact

Steinar Wigtil, Director of R&D, Norman ASA, + 47 67 10 97 29
Audun Lødemel VP marketing, Norman ASA, +47 934 465 31