Trend: WORM_MYDOOM.BE {Sophos: W32/MyDoom-BE}

Discussion in 'malware problems & news' started by Randy_Bell, Feb 22, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    This worm propagates via email using SMTP (Simple Mail Transfer Protocol). It sends itself as an attachment to all email addresses found in the Windows address book (WAB), Temporary Internet Files folder, and from files with certain extensions found in fixed drives.

    To trick users into opening the attachment, it spoofs the sender's name or the FROM field, both in the email header and the envelope of the email. As a general rule, users should avoid opening the attachments of unsolicited email.

    More Info: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.BE
    Technical Details: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.BE&VSect=T
     
  2. Randy_Bell

    Sophos: W32/MyDoom-BE

    Name: W32/MyDoom-BE
    Type: Worm
    How it spreads: Email attachments
    Affected operating systems: Windows

    Side effects:
    * Sends itself to email addresses found on the infected computer
    * Drops more malware
    * Forges the sender's email address
    * Uses its own emailing engine
    * Downloads code from the internet

    Protection available since 22 February 2005 01:22:19 (GMT)

    W32/MyDoom-BE is a mass-mailing worm.

    W32/MyDoom-BE also creates a file named services.exe in the Windows or Temp folder and runs the file. Services.exe is detected by Sophos as W32/MyDoom-O.

    W32/MyDoom-BE searches the local Windows Address Book, temporary internet files and all fixed disks for email addresses. In addition, the worm may use internet search engines to find more email addresses.

    W32/MyDoom-BE also attempts to download and run files from several websites.
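
A defensive check for the dropped file described in the post above, as an added example that is not part of the original thread or of either vendor's write-up: the genuine Windows services.exe lives in the System32 folder, so a process image named services.exe in the Windows folder or a Temp folder stands out. The event tuples, the `C:\Windows` system root and the function names are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any analysis host

SYSTEM_ROOT = r"C:\Windows"  # assumption: default %SystemRoot%

# Constructed sample process-creation records: (image path, parent image).
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\services.exe", r"C:\Windows\System32\wininit.exe"),
    (r"C:\WINDOWS\services.exe", r"C:\Users\alice\Desktop\document.exe"),
    (r"C:\DOCUME~1\alice\LOCALS~1\Temp\services.exe", r"C:\WINDOWS\explorer.exe"),
    (r"C:\Windows\System32\..\Temp\SERVICES.EXE", r"C:\Windows\explorer.exe"),
    (r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
]


def classify(image_path, system_root=SYSTEM_ROOT):
    """Return None unless the image is a services.exe outside System32."""
    # normpath collapses "..", normcase lowercases and unifies separators,
    # so case tricks and path traversal do not hide the real location.
    path = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(path)
    if name != "services.exe":
        return None
    root = ntpath.normcase(ntpath.normpath(system_root))
    if directory == ntpath.join(root, "system32"):
        return None  # expected location of the Service Control Manager
    if directory == root:
        return "windows-folder"
    if ntpath.basename(directory) == "temp":
        return "temp-folder"
    return "other-location"


def find_misplaced(events):
    """Return (label, image, parent) for every misplaced services.exe."""
    hits = []
    for image, parent in events:
        label = classify(image)
        if label:
            hits.append((label, image, parent))
    return hits


if __name__ == "__main__":
    for label, image, parent in find_misplaced(SAMPLE_EVENTS):
        print(f"{label:15} {image}  (parent: {parent})")
```
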
     