Tuesday, July 27, 2004

New MyDoom virus variant strikes the Net:

What is it?

W32/Mydoom.o@MM is a Medium-On-Watch mass-mailing worm that tries to open a hacker backdoor on your PC. Often pretending to be a bounced email alert, the worm arrives inside an attachment, then spreads by sending itself to stolen contacts and via peer-to-peer programs.
Up-to-date McAfee VirusScan users with DAT 4381 are protected from this threat.

Note: To fortify anti-virus defense against viruses that carry backdoor payloads, we recommend installing McAfee Personal Firewall Plus.

What should I look for?

FROM: Varies. Examples: "Bounced mail," "MAILER-DAEMON," "Mail Administrator". Often spoofed.

SUBJECT: Varies. Examples: delivery failed, Message could not be delivered, Mail System Error - Returned Mail

BODY: Example: We have received reports that your account was used to send a large amount of junk email messages during the last week.

ATTACHMENT: Examples: README, INSTRUCTION, TRANSCRIPT

How do I know if I've been infected?
The worm installs itself as JAVA.EXE in an infected computer's Windows directory. An infected computer will also have TCP port 1034 open.
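
An added example, not part of the original alert: a Python check for the two host indicators named above, run against saved `netstat -ano` output and a Windows directory path. The function names and the sample netstat text are constructed for illustration.

```python
import os

BACKDOOR_PORT = 1034       # TCP port named in the alert
DROPPED_NAME = "java.exe"  # file name named in the alert (JAVA.EXE)

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:1034      203.0.113.9:80         ESTABLISHED     2260
  TCP    192.168.1.20:3011      203.0.113.9:1034       ESTABLISHED     2260
  TCP    0.0.0.0:10340          0.0.0.0:0              LISTENING       900
  TCP    [::]:1034              [::]:0                 LISTENING       1720
"""

def listeners_on_port(netstat_text, port=BACKDOOR_PORT):
    """Return sorted unique PIDs that have a TCP socket LISTENING on `port`."""
    pids = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # Only LISTENING counts: 1034 lies in the default ephemeral range of
        # older Windows releases (1025-5000), so an outbound connection may
        # use it as a source port, and a remote port 1034 says nothing either.
        if len(f) != 5 or f[0].upper() != "TCP" or f[3].upper() != "LISTENING":
            continue
        local_port = f[1].rsplit(":", 1)[-1]   # also handles [::]:1034
        if local_port == str(port) and f[4].isdigit():
            pids.add(int(f[4]))
    return sorted(pids)

def dropped_file_present(windir):
    """True if java.exe (any letter case) sits directly in `windir`."""
    try:
        names = os.listdir(windir)
    except OSError:
        return False                            # unreadable or missing directory
    return any(n.lower() == DROPPED_NAME and os.path.isfile(os.path.join(windir, n))
               for n in names)

def triage(netstat_text, windir):
    """Combine both indicators; either one alone is only a lead to follow up."""
    pids, present = listeners_on_port(netstat_text), dropped_file_present(windir)
    return {"listener_pids": pids, "file_present": present,
            "both_indicators": bool(pids) and present}

if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT, os.environ.get("WINDIR", r"C:\Windows")))
```

The PIDs it returns can be matched against the process list to see which executable owns the listener.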

Why am I receiving so many alerts?
It's our policy to notify McAfee customers or those who have opted in to receive alerts of new viruses or serious variants (e.g., W32/Mydoom.o@MM), which often come in waves.

How do I find out more?
View details about W32/Mydoom.o@MM here.