 New MyDoom variant |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
 Aug 4 2004, 07:17 PM
Post
#1
|
|
 Bleeping Hacker  Group: BC Advisor Posts: 1,867 Joined: 14-April 04 From: Texas Member No.: 151  |
QUOTE The SANS Institute reports a new variant of MyDoom in the wild actually not recognized by AV vendors: New MyDoom On The Loose Initial analysis (we will update as we know more): Currently (16:00GMT), signatures are not yet available. UPDATED (17:00GMT): - Signatures are starting to come out, identifying this as MyDoom.O, MyDoom.P or Evaman.C - It appears that this may only work on Win2K and WinXP machines because the executable requires psapi.dll. - Copies itself to the Windows' system directory as winlibs.exe and installs itself under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run http://www.securityfocus.com/archive/1/370...01/2004-08-07/0 QUOTE
-------------------- |
 |
 
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 30th August 2008 - 05:22 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.