Sponsored By

Sign in to follow this  
Dragon

Mydoom Resurfaces

Recommended Posts

The "Mydoom" e-mail worm has returned. First discovered in January 2004, Mydoom became one of the top ten most prolific virus/worms of last year. Now anti-virus companies have reported a new variant of this mass-mailing worm. The variant is called "[email protected]" and its discovery is one more example of why we encourage all our Internet users to install virus-scanning software on their computers and to frequently update their security software. (Note: Mydoom infects only Windows-based operating systems — not Macintosh, Linux, or UNIX systems.)

The [email protected] e-mail worm (also known as W32/[email protected]) is a mass-mailing worm that sends itself as an e-mail attachment to e-mail addresses found within an infected computer. Although the sender's address, the subject line, and the text within the message of the e-mail can vary greatly (making detection more difficult), the "from" address is usually spoofed to show coming from places like "Postmaster," "Mail Administrator," "The Post Office," "Mail Delivery Subsystem," "MAILER-DAEMON," or "Bounced mail." The subject line will commonly say something like "Returned mail: see transcript for details," "Returned mail: Data format error delivered," "Message could not be delivered," or "Mail System Error - Returned Mail." The message body text varies but may say something like this:

"Dear user of (your ISP domain here),

We have received reports that your e-mail account has been used to send a large amount of unsolicited e-mail messages during this week. We suspect that your computer was compromised and now runs a hidden proxy server.

We recommend you to follow our instruction in the attached file in order to keep your computer safe.

Virtually yours,

(your ISP domain here) support team."

The message leads users to believe they have received a bounced back e-mail message notification from their Internet service provider. When opening the accompanying attachment, however, the recipient's machine becomes infected with the Mydoom worm. This results in replicated e-mails being automatically mass-mailed to the e-mail addresses found on the recipient's computer.

The [email protected] worm also includes a "backdoor" feature that opens TCP port 1034 on the infected machine. This allows hackers to potentially have remote access and control of the infected computer.

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean they were the actual senders of the message and attachment. We encourage each of our users to install and utilize virus-scanning software, to update this software on a regular basis, and to scan all incoming attachments before opening them, even if the attachment shows coming from a trusted source. The ultimate responsibility of protecting your computer against worms and viruses lies with you. In addition, many viruses and worms spread not only via e-mail, but also through the sharing of files when using floppy disks, zip disks, and networks, as well as when downloading software. Be sure to scan these files for infections as well.

Share this post


Link to post
Share on other sites

hi team

i notice Dragon

has posted a simialar post as mine

but in another part of the world .

if i remember right.

my doom originated in the south pacific

when i was a member

of techtv

so please beware

and delete your attachements

take care.

bim i havent seen a post from you for sum time .

gearing up for xmas

i presume

marty

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this