Mydoom.a worm
Blackspear
January 26th, 2004, 10:40 PM
This appears to be a brand spanking new worm, picked up today.
It comes through showing an attachment; however, there is no attachment. It drops itself into memory; Nod detects it upon a scan only and cannot delete it. It deletes AFTER rebooting.
Cheers ;D
bigc73542
January 26th, 2004, 10:46 PM
You might want to check out the link about the worm---my doom
http://www.wilderssecurity.com/showthread.php?t=20465
Blackspear
January 26th, 2004, 11:11 PM
Thanks for that, have seen a major slowdown on the internet today, maybe that is the cause...
;D
bigc73542
January 26th, 2004, 11:23 PM
That is a definite possibility; some of these new malware put a good load on the internet when they first come out.
sir_carew
January 26th, 2004, 11:50 PM
Hello,
NOD has detected it since the 1.608 update.
izi
January 27th, 2004, 12:26 AM
Does NOD32 detect this worm with advanced heuristics?
izi
Blackspear
January 27th, 2004, 01:11 AM
Yes it did with us, and now (a few hours ago) it detects it within its virus definitions database.
Cheers ;D
Shelb
January 27th, 2004, 09:44 AM
Nod saved me last night from this one as well :-)
sir_carew
January 27th, 2004, 11:28 AM
Hi,
In the virus description it doesn't appear that NOD is able to detect it using AH.
Eliot
January 27th, 2004, 11:49 AM
My best friend nailed it with the heuristics last nite. He got the definitions update about 30 min later. :o
sir_carew
January 27th, 2004, 11:55 AM
Here are the response speeds of some AVs:
TrendMicro, on 26/01/2004 at 23:52:29 as WORM_MIMAIL.R
NOD32, on 27/01/2004 at 00:55:43 as Win32/Mydoom.A
Antigen, on 27/01/2004 at 01:39:51 as MyDoom.A@mm
Norton, on 27/01/2004 at 01:50:13 as W32.Novarg.A@mm
Kaspersky, on 27/01/2004 at 02:08:53 as I-Worm.Novarg
Sophos, on 27/01/2004 at 02:09:19 as Win32/MyDoom-A
InoculateIT, on 27/01/2004 at 02:28:42 as Win32.Shimg.Worm
Panda, on 27/01/2004 at 05:39:04 as W32/Mydoom.A.worm
McAfee, on 27/01/2004 at 05:57:49 as W32/Mydoom@MM
Source: Hispasec (Spanish)
I hope that you'll understand the Spanish parts.
izi
January 27th, 2004, 03:23 PM
Does NOD32 detect Win32/Mydoom.A and Win32/Dumaru.Y with advanced heuristics?
Answer: Only Dumaru.Y
mrtwolman
January 28th, 2004, 05:51 AM
-{ Quote (izi): "Does NOD32 detect Win32/Mydoom.A and Win32/Dumaru.Y with advanced heuristics?
Answer: Only Dumaru.Y" }-
I am afraid the answer Dumaru.Y is wrong. Due to the nature of the intentionally damaged zip archive (wrong global headers, correct local headers) the worm has not been picked by AH in my opinion. Maybe you noticed, archive support has been updated on 26th.... Hope this has been fixed now....
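Added example, not part of the post above and not NOD32's code: a scanner-side check for the inconsistency that post describes, ZIP central ("global") directory entries that disagree with the local file headers. The function names are hypothetical and both sample archives are constructed; the damaged one is a benign archive with one central-directory field changed, not the worm's actual file.

```python
import io
import struct
import zipfile

def local_entries(data):
    """Walk local file headers from offset 0 -> {offset: (name, method, csize)}."""
    found, pos = {}, 0
    while data[pos:pos + 4] == b"PK\x03\x04" and pos + 30 <= len(data):
        _, flags, method, _, _, _, csize, _, nlen, xlen = struct.unpack_from("<5H3I2H", data, pos + 4)
        found[pos] = (data[pos + 30:pos + 30 + nlen], method, csize)
        if flags & 0x08:  # sizes are in a trailing data descriptor; cannot walk further
            break
        pos += 30 + nlen + xlen + csize
    return found

def central_entries(data):
    """Read the central directory via the end-of-central-directory record."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0 or eocd + 22 > len(data):
        return None
    _, _, _, total, _, cd_off, _ = struct.unpack_from("<4H2IH", data, eocd + 4)
    found, pos = {}, cd_off
    for _ in range(total):
        if data[pos:pos + 4] != b"PK\x01\x02" or pos + 46 > len(data):
            return None
        f = struct.unpack_from("<6H3I5H2I", data, pos + 4)
        method, csize, nlen, xlen, clen, loc_off = f[3], f[7], f[9], f[10], f[11], f[15]
        found[loc_off] = (data[pos + 46:pos + 46 + nlen], method, csize)
        pos += 46 + nlen + xlen + clen
    return found

def header_mismatches(data):
    """List every member whose local header and central entry disagree."""
    local, central = local_entries(data), central_entries(data)
    if central is None:
        return ["central directory missing or unreadable"]
    return [f"offset {o}: local={local.get(o)} central={central.get(o)}"
            for o in sorted(set(local) | set(central)) if local.get(o) != central.get(o)]

def constructed_samples():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "hello")
        z.writestr("notes.txt", "world")
    clean = buf.getvalue()
    damaged = bytearray(clean)
    # Constructed inconsistency: overwrite the compressed-size field (+20) of the first central entry.
    struct.pack_into("<I", damaged, clean.find(b"PK\x01\x02") + 20, 9999)
    return clean, bytes(damaged)
```

A scanner that finds mismatches can fall back to walking the local headers instead of trusting the central directory alone.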
izi
January 28th, 2004, 08:19 AM
-{ Quote: "I am afraid the answer Dumaru.Y is wrong." }-
This was the answer of Eset support. I think that they know.
izi
Copyright ©2002 - 2012, Wilders Security Forums