W32/Mydoom.F Spreading Moderately; Payload, Not Infection Rate Causing Concern
MessageLabs, the leading provider of managed email security services to businesses, has intercepted a total of 271,240 copies of W32.Mydoom.F since the virus emerged on February 19th, 2004. Since its release, the virus appears to have peaked in number on Tuesday, with 115,772 copies intercepted by MessageLabs.
Number of copies intercepted so far: 271, 240
Time & date first captured: Feb 19, 2004; 18:15 GMT
Origin of first intercepted copy: UK
Mydoom.F is a mass-mailing worm similar in makeup to previous Mydoom variants.
Designed to perform a distributed Denial-of-Service attack on www.microsoft.com the same as earlier Mydooms, this variant also includes instructions to launch a DDoS against the Recording Industry Association of America’s web site at www.riaa.com.
The worm also tries to delete several file types from infected hard drives, including pictures, movies and MS Office documents and can harvest e-mail addresses from files. Files with the following extensions will be searched for and when found the virus will attempt to extract e-mail address contained within them: