Quote
The SANS Institute reports a new variant of MyDoom in the wild actually not recognized
by AV vendors:
New MyDoom On The Loose
Initial analysis (we will update as we know more):
Currently (16:00GMT), signatures are not yet available.
UPDATED (17:00GMT):
- Signatures are starting to come out, identifying this as MyDoom.O, MyDoom.P or Evaman.C
- It appears that this may only work on Win2K and WinXP machines because the executable
requires psapi.dll.
- Copies itself to the Windows' system directory as winlibs.exe and installs itself
under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
http://www.securityfocus.com/archive/1/370...01/2004-08-07/0
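
A host check for the two artifacts listed in the advisory above, as an added example that is not part of the original post or the SANS analysis. It looks for winlibs.exe in the system directory and for any value under the HKLM Run key whose data references that file; the advisory does not give the Run value name, so every value is inspected (an assumption).

```powershell
# Added example: triage a Windows host for the artifacts named in the advisory.
# From the page: file name winlibs.exe, Windows system directory, HKLM Run key.
# Assumption: the Run value name is unknown, so all values under the key are checked.

$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$fileName = 'winlibs.exe'
$sysDir   = [Environment]::SystemDirectory   # resolved per host, not hard-coded
$findings = @()

# 1. Is the dropped copy present in the system directory?
$dropPath = Join-Path $sysDir $fileName
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $f = Get-Item -LiteralPath $dropPath -Force   # -Force also returns hidden files
    $findings += [pscustomobject]@{
        Artifact = 'File'
        Location = $f.FullName
        Detail   = "size=$($f.Length) createdUtc=$($f.CreationTimeUtc.ToString('u'))"
    }
}

# 2. Does any autorun value under the Run key launch that file?
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so REG_EXPAND_SZ entries are compared as stored.
        $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ($data -match [regex]::Escape($fileName)) {   # -match is case-insensitive
            $findings += [pscustomobject]@{
                Artifact = 'RunValue'
                Location = "$runKey\$name"
                Detail   = $data
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    "No $fileName artifacts found in $sysDir or $runKey"
}
```

A file hit without a matching Run value (or the reverse) still warrants investigation, since partial cleanup can leave one artifact behind.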