
Further Virus Update - Mydoom virus



Warning: Mydoom virus spreading rapidly

MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted a high number of copies of a new worm known as W32/Mydoom.A-mm.

Name: W32/Mydoom.A-mm
Number of copies intercepted so far: 165,598
Time & Date first captured: 13.03pm GMT, 26th Jan 04
Origin of first intercepted copy: Russia

W32/Mydoom.A-mm is a mass-mailing worm that attempts to spread via email and by copying itself to any available shared directories used by Kazaa.

The worm harvests addresses from infected machines and targets files with the following extensions:
.wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm, .txt.

W32/Mydoom.A-mm also tries to randomly generate or guess likely email addresses to send itself to.

In addition, initial analysis suggests that Mydoom opens a connection on TCP port 3127, an indication of a remote access component.

Email characteristics:

From: Random, spoofed email address

Subject: Random

Text: Various, including:

· The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

· The message contains Unicode characters and has been sent as a binary attachment.

· Mail transaction failed. Partial message is available.

Attached file: Various extensions, including .exe, .pif, .cmd, .scr. The attachment often arrives in a zip archive, and is also represented by what appears to be a text file icon, but is in fact an executable.

Size: 22,528 bytes
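
For mail administrators, the email characteristics listed above can be turned into a simple message check. The following is an added example, not code from MessageLabs or from the original post; the function names are hypothetical and the sample message is constructed with harmless filler bytes. It flags the body texts, the attachment extensions (including one level inside a zip archive) and the reported size.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory above.
RISKY_EXT = (".exe", ".pif", ".cmd", ".scr")
LURES = ("sent as a binary attachment",
         "Mail transaction failed. Partial message is available.")
REPORTED_SIZE = 22528  # bytes

def members(filename, data):
    """Yield (name, size) for an attachment, looking one level into a zip."""
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                yield from ((i.filename, i.file_size) for i in zf.infolist())
        except zipfile.BadZipFile:
            pass  # unreadable archive: nothing to list
    else:
        yield filename, len(data)

def scan(raw):
    """Return the advisory indicators present in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join(body.get_content().split()) if body else ""
    if any(lure in text for lure in LURES):
        hits.append("lure-text")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        for name, size in members(part.get_filename() or "", data):
            if name.lower().endswith(RISKY_EXT):
                hits.append("executable:" + name)
                if size == REPORTED_SIZE:
                    hits.append("size-match:" + name)
    return hits

def build_sample(text=LURES[1], member="document.scr"):
    """Constructed message: zero bytes under the given name inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"\x00" * REPORTED_SIZE)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(text)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg.as_bytes()
```

Calling `scan(build_sample())` returns the three indicators for the constructed message. Subject and sender are not checked because the advisory describes both as random.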