Any new variant of MyDoom is worth watching as it's one of the most advanced viruses out there:New MyDoom.AM - new varianthttp://secunia.com/virus_information/14818/mydoom.av/http://vil.nai.com/vil/content/v_131207.htmhttp://email@example.com://www.f-secure.com/v-descs/mydoom_am.shtmlhttp://www.sophos.com/virusinfo/analyses/w32mydoomam.html
W32.Mydoom.AM@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on the compromised computer. The worm also propagates through file sharing networks. W32.Mydoom.AM@mm is a minor variant of W32.Mydoom.AG@mm. It disables antivirus and firewall applications, and blocks access to security-related Web sites
This variant bears the following characteristics:
* mails itself to target email addresses harvested from the victim machine
* constructs outgoing messages using its own SMTP engine
* spoofs the From: address on outgoing messages
* attempts to propagate through popular P2P networks by copying itself with enticing filenames
* terminates various processes (AV and security related)
* modifies the local HOSTS file to disable the updating of security products Symptoms
* Existence of the files and Registry keys detailed here.
* Copies of the worm with the enticing filenames used for P2P propagation.
* Local HOSTS file overwritten as detailed here.
* When run, a garbage text file is opened and displayed in Notepad
* the worm will remove Registry key data for other worms from the Registry
Subject of email: Varies.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension.
Size of attachment: 32,768 bytes Possible EMAIL Subject Lines
Do not reply to this email
Mail Delivery System
Mail Transaction Failed