
New MyDoom.AM - new variant


#1 harrywaldron


    Security Reporter


Posted 26 January 2005 - 06:04 AM

Any new variant of MyDoom is worth watching as it's one of the most advanced viruses out there:

New MyDoom.AM - new variant

W32.Mydoom.AM@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on the compromised computer. The worm also propagates through file sharing networks. W32.Mydoom.AM@mm is a minor variant of W32.Mydoom.AG@mm. It disables antivirus and firewall applications, and blocks access to security-related Web sites.

This variant bears the following characteristics:

* mails itself to target email addresses harvested from the victim machine
* constructs outgoing messages using its own SMTP engine
* spoofs the From: address on outgoing messages
* attempts to propagate through popular P2P networks by copying itself with enticing filenames
* terminates various processes (AV and security related)
* modifies the local HOSTS file to disable the updating of security products

* Existence of the files and Registry keys detailed here.
* Copies of the worm with the enticing filenames used for P2P propagation.
* Local HOSTS file overwritten as detailed here.
* When run, a garbage text file is opened and displayed in Notepad
* the worm will remove Registry key data for other worms from the Registry

Subject of email: Varies.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension.
Size of attachment: 32,768 bytes

Possible EMAIL Subject Lines
Good day
Do not reply to this email
Mail Delivery System
Mail Transaction Failed
Server Report
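
A mail-triage check built from the indicators listed in the post above, as an added example that is not part of the original post or the advisory it quotes. The function names and the sample messages are constructed for illustration; the subject lines, extensions and attachment size are the ones given above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePath

# Indicators taken from the post above.
SUBJECTS = {"good day", "do not reply to this email", "mail delivery system",
            "mail transaction failed", "server report"}
EXTENSIONS = {".bat", ".cmd", ".exe", ".pif", ".scr", ".zip"}
ATTACHMENT_SIZE = 32768  # bytes


def triage(raw: bytes) -> list[str]:
    """Return the indicators from the post that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Only the final suffix counts, so "invoice.txt.scr" is treated as .scr.
        if PurePath(name.lower()).suffix in EXTENSIONS:
            hits.append(f"extension:{name}")
            # The size is only meaningful together with a listed extension.
            if len(payload) == ATTACHMENT_SIZE:
                hits.append(f"size:{name}")
    return hits


def build_sample(subject: str, filename: str, size: int) -> bytes:
    """Constructed test message with a zero-filled attachment (not a real sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("Mail Transaction Failed", "report.scr", 32768)))
    print(triage(build_sample("Lunch?", "menu.pdf", 1200)))
```

Because the subject varies and the listed extensions are common, a single hit is weak evidence; the combination of a listed extension with the exact attachment size is the more selective signal.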
