The W32.Mydoom.M@mm mass-mailing worm:
Uses its own SMTP engine to send itself to all the email addresses that it finds from an infected system.
The email has an attachment with a .bat, .cmd, .com, .exe, .pif, .scr, or .zip extension.
The attachment may have a second extension, which will either be .doc, .txt, .htm, or .html.
The attachment name may contain a randomly selected domain, which was found on the sender's system.
For example, the attachment name could contain fakedomain.com if the address x@fakedomain.com was harvested.
The From field of the email is spoofed.
Downloads and executes a backdoor, which is detected as Backdoor.Zincite.A, on port 1034/tcp.
Is packed by UPX.
system it affects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
|
Ambitious contributor
|
|
| 27Jul2004,17:54 | #2 |
|
thank for information,
i will not going to open any attchment for 10 days,till then i think my antivirus company provide me with patch to save me from this virus |
|
Ambitious contributor
|
|
| 27Jul2004,17:57 | #3 |
|
|
Ambitious contributor
|
|
| 27Jul2004,18:10 | #4 |
|
|
Re thanks
i will download the patch as soon as possible.i think my company will apreciate this work :d |
|
Ambitious contributor
|
|
| 27Jul2004,18:31 | #5 |
|
|
dont mention, that why we all are here, to help eachother
vishal sharma 
|
|
Go4Expert Founder
|
 |
| 27Jul2004,20:00 | #6 |
|
Thanks for info and virus information in news is quite helpful.
|