MyDoom mutant attacks Microsoft and RIAA

Discussion in 'malware problems & news' started by Marianna, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    By Robert Jaques [25-02-2004]
    Medium-risk mass-mailing worm attempts Denial of Service hit on industry giants

    Security experts have discovered another version of the MyDoom virus.
    The recently discovered W32/MyDoom.f@mm, also known as MyDoom.F, was classified as a medium risk by McAfee's Anti-Virus and Vulnerability Emergency Response Team (Avert) division yesterday.

    MyDoom.F is similar to previous MyDoom variants in that it contains its own SMTP engine for building and sending messages.

    It attempts to perform a Denial of Service (DoS) attack against the Microsoft and RIAA websites, and contains a malicious payload that deletes files on infected PCs.

    According to Avert, the virus has been found in as many as 60 companies throughout Asia Pacific, Canada, Europe, Japan, Latin America and the US.

    The virus is a mass-mailing worm that tries to spread via email and by copying itself to the Windows System directory using random filenames.

    "After being executed, MyDoom.F emails itself out as an attachment with a random filename. The worm makes copies of itself as .zip archives or .exe in different directories on the local hard disk and mapped drives," warned Avert.

    "MyDoom.F opens a connection on TCP port 1080 and opens a list of other ports, ranging from 3000-5000, suggesting remote access capabilities. The worm also appears to carry out a DoS attack on the websites and"

    Further details about MyDoom.F and instructions for its removal can be found here.