
W32.Mydoom.AF@mm - new variant



#1 harrywaldron


Posted 17 October 2004 - 07:40 PM

Symantec and Trend have just published information on this new variant, which is beginning to spread.

W32.Mydoom.AF@mm - new variant
http://www.symantec.com/avcenter/venc/data...doom.af@mm.html
http://www.trendmicro.com/vinfo/virusencyc...=WORM_NETSKY.AF

W32.Mydoom.AF@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds from an infected system. The worm also contains back door functionality which allows unauthorized remote access to the infected computer. The email will have a variable subject and attachment name. The attachment will have a .cpl, .pif, or .scr file extension.


FORMAT OF EMAIL MESSAGE:

From: (spoofed)

Subject: is one of the following:

Announcement
Details
Document
Fw:Document
Fw:Important
Fw:Information
Fw:Notification
Fw:Warning
Important
Information
Notification
Re:Details
Re:Document
Re:Important
Re:Information
Re:Notification
Re:Warning
Warning
readnow!


Message: is one of the following:

Check the attached document.
Daily Report.
Details are in the attached document.
Important Information.
Kill the writer of this document!
Monthly news report.
Please answer quickly!.
Please confirm!.
Please read the attached file!.
Please see the attached file for details
Please see the attached file for details.
Reply
See the attached file for details
Waiting for a Response. Please read the attachment.
here is the document.
your document.

followed by:

+++ Attachment: No Virus found

followed by one of the following:

+++ Bitdefender AntiVirus - www.bitdefender.com
+++ F-Secure AntiVirus - www.f-secure.com
+++ Kaspersky AntiVirus - www.kaspersky.com
+++ MC-Afee AntiVirus - www.mcafee.com
+++ MessageLabs AntiVirus - www.messagelabs.com
+++ Norman AntiVirus - www.norman.com
+++ Norton AntiVirus - www.symantec.com
+++ Panda AntiVirus - www.pandasoftware.com

Attachment: is one of the following:

archive.doc
attachment.doc
check.doc
data.doc
document.doc
error.doc
file.doc
information.doc
letter.doc
list.doc
message.doc
msg.doc
news.doc
note.doc
notes.doc
report.doc
text.doc

with a second file extension of .cpl, .pif, or .scr.
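
Added example (not part of the original post or of any vendor's tooling): a mail-filter check that parses a raw message and reports which of the indicators listed above it matches, namely the `.doc` + `.cpl`/`.pif`/`.scr` double extension, the listed attachment base names, and the fake "No Virus found" banner. The function names, the example.com addresses and the sample message are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text above.
EXEC_EXTS = (".cpl", ".pif", ".scr")
DOC_STEMS = {"archive", "attachment", "check", "data", "document", "error",
             "file", "information", "letter", "list", "message", "msg", "news",
             "note", "notes", "report", "text"}
FAKE_SCAN_BANNER = re.compile(r"^\+\+\+ Attachment: No Virus found\s*$", re.M)


def mydoom_af_indicators(raw_message: bytes) -> list[str]:
    """Return the advisory indicators matched by a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXEC_EXTS):
            hits.append(f"executable attachment: {name}")
            # Every listed extension is 4 characters, so strip it and look
            # at what precedes it: "report.doc.scr" -> ("report", "doc").
            stem, _, first_ext = name[:-4].rpartition(".")
            if first_ext == "doc":
                hits.append("double extension: .doc before executable type")
                if stem in DOC_STEMS:
                    hits.append("attachment base name on advisory list")
        elif part.get_content_type() == "text/plain" and not part.is_attachment():
            if FAKE_SCAN_BANNER.search(part.get_content()):
                hits.append("fake 'No Virus found' scan banner in body")
    return hits


def constructed_sample() -> bytes:
    """Constructed message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Re:Document"
    m.set_content("Please see the attached file for details.\n\n"
                  "+++ Attachment: No Virus found\n"
                  "+++ Norman AntiVirus - www.norman.com\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="report.doc.scr")
    return m.as_bytes()


if __name__ == "__main__":
    for hit in mydoom_af_indicators(constructed_sample()):
        print(hit)
```

The executable-extension check fires on its own for any `.cpl`, `.pif` or `.scr` attachment, so a variant that changes the base name or drops the `.doc` part is still reported.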





#2 sultan_emerr


Posted 18 October 2004 - 02:14 AM

Hey harrywaldron, Thanks for the heads up. :thumbsup:



