W32/Mydoom.f@MM

Discussion in 'malware problems & news' started by Marianna, Feb 20, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Virus Information
    Discovery Date: 02/19/2004
    Origin: Unknown
    Length: 34,568 bytes
    Type: Virus
    SubType: E-mail worm

    This is a mass-mailing and share-hopping worm that bears the following characteristics:

    contains its own SMTP engine to construct outgoing messages
    contains ability to copy itself to mapped drives
    contains a backdoor component
    contains a Denial of Service payload
    contains payload of deleting files
    The virus arrives in an email message as follows:

    From: (Spoofed email sender)

    Do not assume that the sender address is an indication that the sender is infected. Additionally you may receive alert messages from a mail server that you are infected, which may not be the case

    Subject: (Varies, such as)

    Re: Approved
    Attention
    Your request is being processed
    (Blank)
    Please read
    Re: Thank You
    Recent news
    IMPORTANT
    Please reply
    Read this
    Your credit card
    Unknown
    EXPIRED ACCOUNT
    Your request was registered
    automatic responder
    Recent news
    Readme
    Bug
    You have 1 day left
    ApprovedNews
    Read it immediately
    Announcement
    =P Announcement
    hi, it's me
    You use illegal File Sharing... Your IP was logged
    Your account is about to be expired
    Love is Love is...
    Undeliverable message
    Re:
    Your order was registered
    Your order is being processed
    Current Status
    read now!
    Something for you
    For your information
    Information Warning
    hello
    hi
    Body: (Varies, such as)

    Read more: http://vil.nai.com/vil/content/v_101038.htm
     
Thread Status:
Not open for further replies.