W32.Mydoom.AF@mm - new variant - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

W32.Mydoom.AF@mm - new variant

Symantec and Trend have just published information on this new variant which is beginning to spread

W32.Mydoom.AF@mm - new variant
http://www.symantec.com/avcenter/venc/data/w32.mydoom.af@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.AF

W32.Mydoom.AF@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds from an infected system. The worm also contains back door functionality which allows unauthorized remote access to the infected computer. The email will have a variable subject and attachment name. The attachment will have a .cpl, .pif, or .scr file extension.

quote:

FORMAT OF EMAIL MESSAGE:

From: (spoofed)

Subject: is one of the following:

Announcement
Details
Document
Fw:Document
Fw:Important
Fw:Information
Fw:Notification
Fw:Warning
Important
Information
Notification
Re:Details
Re:Document
Re:Important
Re:Information
Re:Notification
Re:Warning
Warning
readnow!

Message: is one of the following:

Check the attached document.
Daily Report.
Details are in the attached document.
Important Information.
Kill the writer of this document!
Monthly news report.
Please answer quickly!.
Please confirm!.
Please read the attached file!.
Please see the attached file for details
Please see the attached file for details.
Reply
See the attached file for details
Waiting for a Response. Please read the attachment.
here is the document.
your document.

followed by:

+++ Attachment: No Virus found

followed by one of the following:

+++ Bitdefender AntiVirus - www.bitdefender.com
+++ F-Secure AntiVirus - www.f-secure.com
+++ Kaspersky AntiVirus - www.kaspersky.com
+++ MC-Afee AntiVirus - www.mcafee.com
+++ MessageLabs AntiVirus - www.messagelabs.com
+++ Norman AntiVirus - www.norman.com
+++ Norton AntiVirus - www.symantec.com
+++ Panda AntiVirus - www.pandasoftware.com

Attachment: is one of the following:

archive.doc
attachment.doc
check.doc
data.doc
document.doc
error.doc
file.doc
information.doc
letter.doc
list.doc
message.doc
msg.doc
news.doc
note.doc
notes.doc
report.doc
text.doc

with a second file extension of .cpl, .pif, or .scr.

Posted: Oct 17 2004, 07:42 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.