Order / Renew Products Download Support Virusinfo E-Mail Alerts Partners About

22 December 2003
New version of F-Prot Antivirus for Linux
Version 4.3.2 of F-Prot Antivirus for Linux has been released
19 December 2003
New version of F-Prot Antivirus for Exchange
Version 1.1.0 of F-Prot Antivirus for Exchange has been released

26 Jan 2004
W32/Mydoom.A@mm
This mass-mailing worm starts spreading quickly

for Application / Script viruses and Trojans:

for Document / Office / Macro viruses:
 

W32/Mydoom.A@mm, a new mass-mailing worms starts spreading quickly

26 January 2004

W32/Mydoom.A@mm is a new mass-mailing worm that has been spreading rapidly via e-mail and the Kazaa file-sharing network since it was first discovered yesterday. This worm has gained wide distribution in a very short time has therefore been classified as high risk by FRISK Software's virus experts.

W32/Mydoom.A@mm spreads via e-mail messages with technically sounding subject lines. The attachment containing the worm's executable also bears technical and harmless-sounding names. However, if such an attachment is executed, the worm infects the computer, harvests e-mail addresses from infected computer's hard drive and sends spreads itself further by sending itself to these addresses. Mydoom.A also falsifies the From address by substituting it with another harvested address chosen at random. The worm also opens up ports on an infected computer, thereby creating a backdoor allowing for the possibility of hackers being able to gain remote control of an infected computer. W32/Mydoom.A@mm also spreads via the Kazaa file-sharing network.

W32/Mydoom.A@mm is programmed perform a Denial of Service attack on SCO's website, www.sco.com, on 1 February 2004. However, the worm is also designed to stop spreading eleven days later, on 12 Febuary 2004. It is considered a possibility that this planned attack on SCO is a result of the resentment toward the company by parts of the Linux community since the company's claims that key elements of the Linux open-source operating system are covered by their UNIX copyrights.

w32/Mydoom.A@mm is also known as:

  • W32.Novarg.A@mm
  • WORM_MIMAIL.R
  • W32/Mydoom@mm
  • Mydoom
  • Win32/Shimg

W32/Mydoom.A@mm affects computers running Windows 95, 98, ME, NT, 2000 and XP.

E-mails carrying W32/Mydoom.A@mm will usually have one of the following subject lines:

     test
     hi
     hello
     Mail Delivery System
     Mail Transaction Failed
     Server Report
     Status
     Error

The body of these e-mails is usually one of the following:

     test
     The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
     The message contains Unicode characters and has been sent as a binary attachment.
     Mail transaction failed. Partial message is available

Attachments containing W32/Mydoom.A@mm bear one of the following names:

     document
     readme
     doc
     text
     file
     data
     test
     message
     body

with one of the following endings:

     .pif
     .scr
     .exe
     .cmd
     .bat

For more information on this worm and disinfection please visit our virus information section.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

For more information on this worm and disinfection please visit our virus information section.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Mydoom.A@mm using virus signature files dated 26 January 2004 or later.

FRISK Software International is a leading developer of anti virus software and anti spam filtering services. FRISK Sofware International's anti virus computer software, F-Prot Antivirus, is available for various operating systems such as Linux, BSD, Windows, and AIX as well as the Microsoft Exchange groupware. The company also offers F-Prot AVES, the anti spam and anti virus filtering service.



Products for Corporate Users:

F-Prot Antivirus Alert Service
F-Prot AVES E-mail Service
F-Prot Antivirus for Windows
F-Prot Antivirus for Exchange
F-Prot Antivirus for Linux
F-Prot Antivirus for BSD
F-Prot Antivirus for Solaris
F-Prot Antivirus for AIX
F-Prot Antivirus for DOS
Products for Home Users:

F-Prot Antivirus Alert Service
F-Prot Antivirus for Windows
F-Prot Antivirus for Linux
F-Prot Antivirus for BSD
F-Prot Antivirus for DOS
Downloads:

F-Prot Antivirus for Windows
F-Prot Antivirus for Exchange
F-Prot Antivirus for Linux
F-Prot Antivirus for BSD
F-Prot Antivirus for Solaris
F-Prot Antivirus for AIX
F-Prot Antivirus for DOS
Latest Threats:

W32/Mydoom.B@mm
W32/Mydoom.A@mm
W32/Bagle.A@mm
W32/Sober.C@mm
W32/Mimail.I@mm