Latest Mydoom mutant on the loose

Help and Discussion

Moderator: The Mod Squad

Latest Mydoom mutant on the loose

Postby Copper » Thu Feb 17, 2005 4:50 am

Latest Mydoom mutant on the loose
By Robert Jaques


Security experts have raised the risk assessment to medium on the recently discovered Mydoom.bb@MM worm, also known as Mydoom.bb, after receiving reports that the infection is spreading in the wild.

According to McAfee's Avert antivirus team, more than 50 reports of the virus being stopped or infecting users from the field have been recorded. Most of these reports have arrived from the US, though Avert has also received reports from Australia and the UK.

Mydoom.bb is similar to previous variants with a mass-mailing worm constructing messages using its own SMTP engine. It contains a peer-to-peer propagation routine and may be a .exe file. In common with other mutants it also downloads the BackDoor-CEB.f Trojan and spoofs the 'from' address.

Users are advised to be "very wary" and should most likely delete any email containing the following headers:

Delivered
Hello
Hi
Error
Status
Test
Report
Delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error


The virus constructs messages from pools of strings it carries in its body. After being executed, Mydoom.bb copies itself into the Windows System directory, and the worm installs itself as JAVA.EXE in the directory.

It will show Windows Explorer listening on TCP Port 1034, the port on which the web server runs.
"Only two thing are infinite, the universe and human stupidity,and Im not sure about the former." Albert Einstein (1879 - 1955)
Copper
Black Belt 5th Degree
Black Belt 5th Degree
 
Posts: 8640
Joined: Mon Jul 14, 2003 12:38 pm
Location: Midlands UK

Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 1 guest