Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MyDoom AG/AH might be a brand new virus family

An interesting analysis on MyDoom AG/AH from F-Secure's weblog:

http://www.f-secure.com/weblog/

Turns out these new Mydoom.AG and Mydoom.AH variants might not be Mydooms at all. Our comparison tools show only around 49% correlation between these and the last Mydooms. So that would explain why the technique is so different.

These viruses are also one of the fastest ever to take advantage of a new security vulnerability. The exploit was only posted publicly on Friday, and the viruses were out by Tuesday.

So the virus spreads in four steps:

1. Infected machine ("predator") sends out tons of emails with a link
2. Recipient on target machine ("prey") follows the link back to a website on the infected machine
3. Exploit on the web page downloads and runs the virus, turning the prey to another predator
4. Repeat

STEPS 1-4 ILLUSTRATED
http://www.f-secure.com/weblog/archives/agillustration.jpg
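
Steps 1 and 2 leave a trace a mail gateway can check: the link in the message points back at the machine that delivered it. The following detection sketch is an added example, not part of the original post or of F-Secure's analysis. It assumes the link uses the sender's IP address literal and that the topmost `Received` header records the connecting client in square brackets; the function name, sample messages, addresses and port are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: the topmost Received header was added by our own MTA and holds
# the connecting client's address in square brackets.
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def links_back_to_sender(raw_message):
    """Return body URLs whose host is the IP address that delivered the mail."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or [""]
    match = CLIENT_IP.search(received[0])
    if not match:
        return []  # no usable client address, nothing to compare against
    sender_ip = match.group(1)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        payload = part.get_payload(decode=True) or b""
        for url in URL.findall(payload.decode("latin-1")):
            try:
                host = urlsplit(url).hostname
            except ValueError:
                continue  # malformed URL, e.g. unbalanced IPv6 brackets
            if host == sender_ip:
                hits.append(url)
    return hits

# Constructed sample messages (documentation address ranges, made-up port).
SUSPECT = (
    "Received: from dsl-host.example ([192.0.2.44]) by mx.example.org\n"
    "From: someone@example.com\n"
    "Subject: hi\n"
    "\n"
    "Look at this: http://192.0.2.44:8080/index.htm\n"
)
BENIGN = SUSPECT.replace("http://192.0.2.44:8080", "http://198.51.100.7")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, links_back_to_sender(raw))
```

Links that use a hostname rather than an IP literal are not matched; resolving them is left out so the example runs offline.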