New MyDoom.AM - new variant



#1 harrywaldron (Security Reporter)
Posted 26 January 2005 - 06:04 AM

Any new variant of MyDoom is worth watching as it's one of the most advanced viruses out there:

New MyDoom.AM - new variant
http://secunia.com/virus_information/14818/mydoom.av/
http://vil.nai.com/vil/content/v_131207.htm
http://www.sarc.com/avcenter/venc/data/w32.mydoom.am@mm.html
http://www.f-secure.com/v-descs/mydoom_am.shtml
http://www.sophos.com/virusinfo/analyses/w32mydoomam.html

W32.Mydoom.AM@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on the compromised computer. The worm also propagates through file sharing networks. W32.Mydoom.AM@mm is a minor variant of W32.Mydoom.AG@mm. It disables antivirus and firewall applications, and blocks access to security-related Web sites.

This variant bears the following characteristics:

* mails itself to target email addresses harvested from the victim machine
* constructs outgoing messages using its own SMTP engine
* spoofs the From: address on outgoing messages
* attempts to propagate through popular P2P networks by copying itself with enticing filenames
* terminates various processes (AV and security related)
* modifies the local HOSTS file to disable the updating of security products

Symptoms
* Existence of the files and Registry keys detailed here.
* Copies of the worm with the enticing filenames used for P2P propagation.
* Local HOSTS file overwritten as detailed here.
* When run, a garbage text file is opened and displayed in Notepad.
* The worm will remove Registry key data for other worms from the Registry.

Subject of email: Varies.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension.
Size of attachment: 32,768 bytes

Possible EMAIL Subject Lines
Good day
Do not reply to this email
hello
Mail Delivery System
Attention!!!
Mail Transaction Failed
Server Report
Status
Error
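As an added example from the defender's side (this is not part of harrywaldron's post nor code from any of the vendor write-ups linked above), the script below turns two of the indicators quoted in the post into checks an administrator can run: it scans a HOSTS file for entries that hijack security-vendor domains (the update-blocking trick described under "Symptoms"), and it scores an inbound message against the listed subject lines, attachment extensions and the 32,768-byte attachment size. The vendor domain list is taken from the URLs in the post and is an assumption about what a clean HOSTS file should never map; the sample HOSTS text and messages are constructed.

```python
"""Triage helpers for the MyDoom.AM indicators listed in the post.

Two checks a defender can run: spot HOSTS-file entries that hijack security
vendor domains (the worm's update-blocking trick), and score an inbound mail
against the listed subject lines, attachment extensions and attachment size.
All sample data below is constructed for illustration.
"""
import os
from dataclasses import dataclass

# Registered domains of the vendors linked in the post. Assumption: a clean
# HOSTS file never needs to map these, so any entry naming them is suspicious.
PROTECTED_DOMAINS = {"secunia.com", "nai.com", "sarc.com", "f-secure.com", "sophos.com"}

# Indicators quoted in the post (subjects are compared case-insensitively).
KNOWN_SUBJECTS = {s.lower() for s in (
    "Good day", "Do not reply to this email", "hello", "Mail Delivery System",
    "Attention!!!", "Mail Transaction Failed", "Server Report", "Status", "Error")}
KNOWN_EXTENSIONS = {".bat", ".cmd", ".exe", ".pif", ".scr", ".zip"}
KNOWN_ATTACHMENT_SIZE = 32768


def registered_domain(hostname):
    """Reduce 'update.f-secure.com.' to 'f-secure.com' (last two labels)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_hosts(text):
    """Yield (ip, hostname) pairs from HOSTS-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name


def suspicious_hosts_entries(text):
    """Entries that redirect a protected vendor domain, whatever the target IP."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if registered_domain(name) in PROTECTED_DOMAINS]


@dataclass
class Message:
    subject: str
    attachment_name: str
    attachment_size: int


def matched_indicators(msg):
    """Return the names of the post's indicators that this message matches."""
    hits = []
    if msg.subject.strip().lower() in KNOWN_SUBJECTS:
        hits.append("subject")
    if os.path.splitext(msg.attachment_name)[1].lower() in KNOWN_EXTENSIONS:
        hits.append("extension")
    if msg.attachment_size == KNOWN_ATTACHMENT_SIZE:
        hits.append("size")
    return tuple(hits)


# Constructed sample inputs.
SAMPLE_HOSTS = """# constructed HOSTS file for illustration
127.0.0.1 localhost
127.0.0.1 www.sophos.com
127.0.0.1 vil.nai.com update.f-secure.com   # two names on one line
10.0.0.5  intranet.example.local
"""
SAMPLE_MESSAGES = [
    Message("Mail Delivery System", "document.zip", 32768),
    Message("Quarterly report", "report.pdf", 120000),
    Message("hello", "photo.jpg", 500),
]

if __name__ == "__main__":
    for ip, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"HOSTS hijack: {name} -> {ip}")
    for m in SAMPLE_MESSAGES:
        print(f"{m.subject!r}: {matched_indicators(m) or 'no indicators'}")
```

A subject match alone is weak evidence (generic words like "Status" or "Error" occur in legitimate mail), so the message check reports which indicators matched rather than a verdict; a mail-gateway rule would typically require the extension and size together with the subject before quarantining.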
