Tuesday, August 17, 2004

McAfee Reports MyDoom.S Virus

What is it?

The latest in a string of Mydoom variants, W32/Mydoom.s@MM is a Medium Risk mass-mailing worm that can give hackers remote access to your PC.

The worm arrives inside an attachment and downloads a backdoor component from two websites: 1) richcolour.com, 2) zenandjuice.com.

W32/Mydoom.s@MM spreads to other PCs by sending itself to stolen email addresses.

Up-to-date McAfee VirusScan users with DAT 4386 are protected from this threat.

Note: To fortify anti-virus defense against viruses that carry backdoor payloads, we recommend installing McAfee Personal Firewall Plus.

What should I look for?

FROM: Spoofed
SUBJECT: photos
BODY: LOL!;))))
ATTACHMENT: photos_arc.exe
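
The indicators listed above, applied as a mail-triage check. This is an added example, not McAfee's code; the function names, verdict labels and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators as listed in the advisory text. FROM is spoofed, so it is not used.
SUBJECT = "photos"
BODY = "LOL!;))))"
ATTACHMENT = "photos_arc.exe"

def match_indicators(raw_bytes):
    """Return the set of advisory indicators found in one raw mail message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Windows file names are case-insensitive, so compare lowercased.
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT:
            hits.add("attachment")
        elif not name and part.get_content_type() == "text/plain":
            if BODY in part.get_content():
                hits.add("body")
    return hits

def verdict(raw_bytes):
    """Hypothetical policy: the attachment name alone is enough to quarantine."""
    hits = match_indicators(raw_bytes)
    if "attachment" in hits:
        return "quarantine"
    return "review" if {"subject", "body"} <= hits else "pass"

def build_sample(subject, body, attachment=None):
    """Build a constructed test message; the payload is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(verdict(build_sample("photos", "LOL!;))))", "photos_arc.exe")))
```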

How do I know if I've been infected?

When the attachment is run, the virus copies itself to the Windows (%WinDir%) directory as rasor38a.dll and to the System (%SysDir%) directory as winpsd.exe.

How do I find out more?

View details about W32/Mydoom.s@MM here.