W32/Mydoom.ap - First New Variant for 2005



#1 harrywaldron


Posted 16 January 2005 - 06:34 AM

A new variant of the MyDoom virus family has been discovered. Any new member of this family of viruses should be watched, as it can spread rapidly if users launch infected attachments.

W32/Mydoom.ap - First New Variant for 2005
http://secunia.com/virus_information/14588/mydoom.ap/
http://vil.nai.com/vil/content/v_130859.htm
http://www.sophos.com/virusinfo/analyses/w32mydoomaa.html

* Sends itself to email addresses found on the infected computer
* Uses its own emailing engine
* It can spread peer-to-peer
* Installs itself in the Registry
* Leaves non-infected files on computer

EXAMPLES OF EMAIL MESSAGES TO AVOID

From: (Spoofed email sender)

Subject: (Varies, such as)
Do not reply to this email
HELLO
Server Report
Good Day
Attention!!!
ERROR
Mail Transaction Failed
(random characters)


Body: (Varies, such as)

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Mail transaction failed. Partial message is available.

(Random gibberish)

New terms and conditions for credit card holders

Here a new terms and conditions for credit card holders using a credit cards for making purchase in the Internet in the attachment. Please, read it carefully. If you are not agree with new terms and conditions do not use your credit card in the World Wide Web. Thank you, The World Bank Group 2004 The World Bank Group, All Rights Reserved

Attention! New self-spreading virus! Be careful, a new self-spreading virus called "RTSW.Smash" spreading very fast via e-mail and P2P networks. It's about two million people infected and it will be more. To avoid your infection by this virus and to stop it we provide you with full information how to protect yourself against it and also including free remover. Your can find it in the attachment. 2004 Networks Associates Technology, Inc. All Rights Reserved

Attention! Your IP was logged by The Internet Fraud Complaint Center Your IP was logged by The Internet Fraud Complaint Center. There was a fraud attempt logged by The Internet Fraud Complaint Center from your IP. This is a serious crime, so all records was sent to the FBI. All information you can find in the attachment. Your IP was flagged and if there will be anover attemption you will be busted. This message is brought to you by the Federal Bureau of Investigation and the National White Collar Crime Center


Attachment: (varies [.bat, .exe, .pif, .cmd, .scr] - often arrives in a ZIP archive) (31kb)

examples (common names, but can be random)
doc.bat
document.zip
message.zip
readme.zip
text.pif
hello.cmd
body.scr
test.htm.pif
data.txt.exe
file.scr

In the case of two file extensions, multiple spaces may be inserted as well.
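
The attachment traits listed in the post (the five executable extensions, double extensions, space padding before the real extension, and delivery inside a ZIP) can be checked at a mail gateway. The following is an added example, not part of the original post; the function names are hypothetical and the ZIP used to exercise it is a constructed, harmless sample.

```python
import io
import re
import zipfile

# Extensions the post lists for this variant's attachments.
RISKY_EXTS = {".bat", ".exe", ".pif", ".cmd", ".scr"}
DECOY_EXT = re.compile(r"\.[A-Za-z0-9]{2,4}$")  # e.g. ".txt" or ".htm" before the real one


def check_name(name):
    """Return a list of reasons why an attachment file name is suspicious."""
    reasons = []
    stem, dot, ext = name.strip().rpartition(".")
    ext = (dot + ext).lower()
    if not dot or ext not in RISKY_EXTS:
        return reasons
    reasons.append("executable extension " + ext)
    # Padding spaces before the real extension push it out of view in mail clients.
    if stem != stem.rstrip():
        reasons.append("whitespace padding before extension")
    if DECOY_EXT.search(stem.rstrip()):
        reasons.append("double extension")
    return reasons


def check_attachment(name, data):
    """Check the outer name and, for ZIP archives, every member name."""
    findings = {}
    outer = check_name(name)
    if outer:
        findings[name] = outer
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    inner = check_name(member)
                    if inner:
                        findings[name + "!" + member] = inner
        except zipfile.BadZipFile:
            findings[name] = ["not a valid ZIP archive"]
    return findings


def build_sample_zip(member_name):
    """Constructed test input: a ZIP holding one harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed sample, not malware")
    return buf.getvalue()
```

Because the post notes that attachment names can be random, the check keys on extension and name structure rather than on the example names themselves.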
