W32.Mydoom.AF@mm - new variant
W32.Mydoom.AF@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds on an infected system. The worm also contains backdoor functionality that allows unauthorized remote access to the infected computer. The email has a variable subject and attachment name. The attachment has a .cpl, .pif, or .scr file extension.
FORMAT OF EMAIL MESSAGE:
Subject: is one of the following:
Message: is one of the following:
Check the attached document.
Details are in the attached document.
Kill the writer of this document!
Monthly news report.
Please answer quickly!.
Please read the attached file!.
Please see the attached file for details
Please see the attached file for details.
See the attached file for details
Waiting for a Response. Please read the attachment.
here is the document.
+++ Attachment: No Virus found
followed by one of the following:
+++ Bitdefender AntiVirus - www.bitdefender.com
+++ F-Secure AntiVirus - www.f-secure.com
+++ Kaspersky AntiVirus - www.kaspersky.com
+++ MC-Afee AntiVirus - www.mcafee.com
+++ MessageLabs AntiVirus - www.messagelabs.com
+++ Norman AntiVirus - www.norman.com
+++ Norton AntiVirus - www.symantec.com
+++ Panda AntiVirus - www.pandasoftware.com
Attachment: is one of the following:
with a second file extension of .cpl, .pif, or .scr.
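A mail-gateway check for the traits described above, added here as an example and not taken from the advisory: it flags a message whose attachment name ends in .cpl, .pif, or .scr (noting when that is a second extension) and whose body carries the fake "No Virus found" scan footer. The function names, sample filenames, and the assumption that the two footer lines appear on consecutive lines are illustrative.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Attachment extensions listed in the advisory.
RISKY_EXT = (".cpl", ".pif", ".scr")
# Fake scan footer: the "No Virus found" line followed by a
# "+++ <vendor> AntiVirus - www.<site>" line (assumed consecutive).
FOOTER_RE = re.compile(
    r"^\+\+\+ Attachment: No Virus found\s*\n\+\+\+ .+ AntiVirus - www\.\S+",
    re.MULTILINE,
)

def score_message(raw):
    """Return the advisory traits found in one raw email message."""
    msg = message_from_string(raw)
    hits = []
    body = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            # Two or more dots means the risky extension is a second one.
            hits.append("double_ext" if name.count(".") >= 2 else "risky_ext")
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    if FOOTER_RE.search(body.replace("\r\n", "\n")):
        hits.append("fake_av_footer")
    return hits

def build_sample(filename, body):
    """Constructed test message with harmless placeholder attachment bytes."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

SUSPECT = build_sample(
    "report.doc.scr",  # constructed filename, not from the advisory
    "Please see the attached file for details.\n\n"
    "+++ Attachment: No Virus found\n"
    "+++ Norton AntiVirus - www.symantec.com\n",
)
BENIGN = build_sample("report.pdf", "Monthly news report.\n")

if __name__ == "__main__":
    print(score_message(SUSPECT), score_message(BENIGN))
```

Either trait alone is weak evidence; a message that returns both is the combination the advisory describes.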