W32/Mydoom.A@mm, a new mass-mailing worm, starts spreading quickly
W32/Mydoom.A@mm is a new mass-mailing worm that has been spreading rapidly via e-mail and the Kazaa file-sharing network
since it was first discovered yesterday. This worm has gained wide distribution in a very short time and has therefore been classified as
high risk by FRISK Software's virus experts.
W32/Mydoom.A@mm spreads via e-mail messages with technical-sounding subject lines. The attachment containing the worm's executable also bears
technical and harmless-sounding names. However, if such an attachment is executed, the worm infects the computer, harvests e-mail addresses from
the infected computer's hard drive and spreads further by sending itself to these addresses. Mydoom.A also falsifies
the From address by replacing it with another harvested address chosen at random. The worm also opens ports
on an infected computer, creating a backdoor that could allow hackers to gain remote control of the
infected computer. W32/Mydoom.A@mm also spreads via the Kazaa file-sharing network.
W32/Mydoom.A@mm is programmed to perform a Denial of Service attack on SCO's website, www.sco.com, on 1 February 2004. However,
the worm is also designed to stop spreading eleven days later, on 12 February 2004. It is considered possible that this planned
attack on SCO stems from resentment toward the company among parts of the Linux community following the company's claims that key
elements of the Linux open-source operating system are covered by its UNIX copyrights.
W32/Mydoom.A@mm is also known as:
- W32.Novarg.A@mm
- WORM_MIMAIL.R
- W32/Mydoom@mm
- Mydoom
- Win32/Shimg
W32/Mydoom.A@mm affects computers running Windows 95, 98, ME, NT, 2000 and XP.
E-mails carrying W32/Mydoom.A@mm will usually have one of the following subject lines:
- test
- hi
- hello
- Mail Delivery System
- Mail Transaction Failed
- Server Report
- Status
- Error
The body of these e-mails is usually one of the following:
- test
- The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
- The message contains Unicode characters and has been sent as a binary attachment.
- Mail transaction failed. Partial message is available
Attachments containing W32/Mydoom.A@mm bear one of the following names:
- document
- readme
- doc
- text
- file
- data
- test
- message
- body
with one of the following endings:
- .pif
- .scr
- .exe
- .cmd
- .bat
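As an added example (not part of the original advisory and not F-Prot's detection logic), the subject lines, bodies and attachment names listed above can be combined into a simple mail-gateway heuristic. The function names and the sample-message builder are assumptions made for illustration; because the advisory says the worm "usually" uses these values, a non-match does not mean a message is clean.

```python
# Added example: heuristic built only from the indicators listed in this advisory.
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BODIES = {  # normalised: lower case, no trailing period
    "test",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment",
    "the message contains unicode characters and has been sent as a binary attachment",
    "mail transaction failed. partial message is available",
}
NAMES = {"document", "readme", "doc", "text", "file", "data", "test", "message", "body"}
ENDINGS = {".pif", ".scr", ".exe", ".cmd", ".bat"}


def _norm(text):  # lower-case and collapse whitespace so wrapped text compares equal
    return " ".join((text or "").lower().split())


def mydoom_indicators(raw: bytes) -> dict:
    """Return which of the advisory's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {"subject": _norm(msg["Subject"]) in SUBJECTS, "body": False, "attachments": []}
    body_part = msg.get_body(preferencelist=("plain",))
    if body_part is not None:
        hits["body"] = _norm(body_part.get_content()).rstrip(".") in BODIES
    for part in msg.iter_attachments():
        filename = _norm(part.get_filename())
        stem, dot, ext = filename.rpartition(".")
        if dot and stem in NAMES and "." + ext in ENDINGS:
            hits["attachments"].append(filename)
    return hits


def is_suspect(raw: bytes) -> bool:
    """Flag only when a listed attachment name coincides with a listed subject or body."""
    hits = mydoom_indicators(raw)
    return bool(hits["attachments"]) and (hits["subject"] or hits["body"])


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message (not a captured sample) with an inert attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content(body)
    msg.add_attachment(b"inert placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Requiring an attachment match together with a subject or body match keeps ordinary mail titled "hi" or "test" from being flagged on the subject alone.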
For more information on this worm and disinfection please visit our
virus information section.
Recommended Reactions
Users are advised to update their virus signature files and make sure they have the
latest versions of F-Prot Antivirus installed on their computers.
After updating the virus signature files, users should scan their whole system
with the F-Prot Antivirus OnDemand scanner to ensure that their computer security
was not compromised before the virus signature files were updated.
Threat Detection
The latest versions of F-Prot Antivirus
detect W32/Mydoom.A@mm using virus signature files dated 26 January 2004 or later.