Post by Keith Heitmann on Feb 24, 2004 10:41:14 GMT -5
A variant of the original Mydoom virus, W32/Mydoom.f@MM is a Medium Risk mass-mailing worm that can open up hacker backdoors on infected systems and launch denial-of-service attacks that target www.microsoft.com and www.riaa.com domains.
Note: Unlike previous versions of Mydoom, Mydoom.f can also delete image, movie, Excel and Word files on an infected machine.
Like other mass-mailing viruses, W32/Mydoom.f@MM steals email addresses from an infected machine, then mails itself to other computers, often spoofing the "from field." The worm arrives with random subject lines, such as "Please read," "Something for you" or "Please reply". The body of the e-mail contains an executable file often disguised as a text file.
Caution: An infected email can come from addresses you recognize.
What to look for:
From: Randomly generated
Subject: Varies. Examples include:
Announcement
ApprovedNews
Attention
automatic responder
Bug
Body: Varies. Examples include:
Check the attached document.
Details are in the attached document. You need Microsoft Office to open it.
Greetings
Here is the document.
Here it is
I have your password
Attachment: Varies [.cmd, .bat, .exe, .pif, .cmd, .scr] but often arrives in a ZIP archive. 34,686 bytes. Examples include: creditcard.bat, creditcard.zip, paypal.zip, photo.zip, textfile.zip
Up-to-date McAfee VirusScan users with DAT 4327 are protected from this threat.
Note: Unlike previous versions of Mydoom, Mydoom.f can also delete image, movie, Excel and Word files on an infected machine.
Like other mass-mailing viruses, W32/Mydoom.f@MM steals email addresses from an infected machine, then mails itself to other computers, often spoofing the "from field." The worm arrives with random subject lines, such as "Please read," "Something for you" or "Please reply". The body of the e-mail contains an executable file often disguised as a text file.
Caution: An infected email can come from addresses you recognize.
What to look for:
From: Randomly generated
Subject: Varies. Examples include:
Announcement
ApprovedNews
Attention
automatic responder
Bug
Body: Varies. Examples include:
Check the attached document.
Details are in the attached document. You need Microsoft Office to open it.
Greetings
Here is the document.
Here it is
I have your password
Attachment: Varies [.cmd, .bat, .exe, .pif, .cmd, .scr] but often arrives in a ZIP archive. 34,686 bytes. Examples include: creditcard.bat, creditcard.zip, paypal.zip, photo.zip, textfile.zip
Up-to-date McAfee VirusScan users with DAT 4327 are protected from this threat.