Tuesday, August 17, 2004

MyDoom.R Virus Outbreak Shows PC Security Still Weak

All Windows XP users should have Service Pack 2 installed as this closes the security hole that all versions of the MyDoom virus exploit. Use the Windows Update link to check your current patch needs.


- Panda Software warns of the new R variant of Mydoom -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, August 16, 2004 - Panda Software has detected the appearance of the R variant of the well-known Mydoom worm. This new version has started to spread and infect numerous users.

The large number of incidents reported involving Mydoom.R has prompted Panda Software to declare an Amber Alert.

Panda Software clients who already have the new TruPrevent Technologies installed have enjoyed preventive protection from this new virus, as they can detect and block it without needing to be able to identify it first (more information about the new TruPrevent Technologies at www.pandasoftware.com/truprevent).

Mydoom.R (http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=50987) spreads via email in a message with the following characteristics:

Sender: Mydoom.R spoofs the address that appears as the sender of the message that carries out the infection. The names that can appear as the sender of the message are: adam, alex, alice, andrew, anna, bill, bob, brenda, brent, brian, claudia, dan, dave, david, debby, fred, george, helen, jack, james, jane, jerry, jim, jimmy, joe, john, jose, julie, kevin, leo, linda, maria, mary, matt, michael, mike, peter, ray, robert, sam, sandra, serg, smith, stan, steve, ted and tom.

The subject is 'photos' and the message body is 'LOL!;))))'. The attachment is called 'PHOTOS_ARC.EXE', is 27 KB in size and written in version 6 of Visual C.
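As an added example (not part of Panda Software's alert or of any Panda product), the message traits listed above can be checked at a mail gateway with a short Python filter. Matching the listed names against the local part of the From address and the quarantine rule are assumptions of this sketch, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender names listed in the alert.
SPOOFED_NAMES = set("""adam alex alice andrew anna bill bob brenda brent brian
claudia dan dave david debby fred george helen jack james jane jerry jim jimmy
joe john jose julie kevin leo linda maria mary matt michael mike peter ray
robert sam sandra serg smith stan steve ted tom""".split())

def mydoom_r_indicators(raw):
    """Return which Mydoom.R traits from the alert a raw RFC 5322 message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # Assumption: the listed names appear as the local part of the From address.
    local = parseaddr(str(msg.get("From", "")))[1].partition("@")[0].lower()
    if local in SPOOFED_NAMES:
        hits.append("sender")
    if str(msg.get("Subject", "")).strip().lower() == "photos":
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip() == "LOL!;))))":
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == "photos_arc.exe":
            hits.append("attachment")
        elif name.endswith(".exe"):
            hits.append("executable-attachment")
    return hits

def should_quarantine(raw):
    hits = set(mydoom_r_indicators(raw))
    # The names are common first names, so a sender match never decides alone.
    return "attachment" in hits or {"subject", "body", "executable-attachment"} <= hits

def build_message(sender, subject, body, filename):
    """Constructed test message; the attachment is 64 inert zero bytes."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    msg.add_attachment(b"\x00" * 64, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_message("mary@example.com", "photos", "LOL!;))))", "PHOTOS_ARC.EXE")
    print(mydoom_r_indicators(sample), should_quarantine(sample))
```
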

When the user runs the infected file, the computer will be infected. Mydoom.R also looks for email addresses in files with certain extensions and sends a copy of itself to all the addresses it collects, so it could spread even more rapidly over the next few hours.

Luis Corrons, head of PandaLabs explains, "Mydoom.R, a new variant of the worm that emerged in January this year, is yet another attempt by virus authors to cause damage to users' computers by tricking them with social engineering techniques. Mydoom.R sends a file that supposedly contains photos in order to trick the user into opening the file and infect as many computers as possible."

In order to avoid falling victim to Mydoom.R, Panda Software advises users to take precautions and keep their antivirus software updated. The company has already made the updates to its products available to its clients to ensure their solutions can detect and eliminate this new malicious code.

Upgrades are now available to Panda Software clients who want to add the new TruPrevent Technologies to their current antivirus solution and get preventive protection against this new threat or other malicious code.

For users with other developers' antivirus protection, Panda TruPrevent Personal is the ideal solution, as it is compatible with and complements these programs, providing a second line of defense and proactive protection while the antivirus is updated, decreasing the risk of infection.

More information about TruPrevent Technologies: www.pandasoftware.com/truprevent

More information about Mydoom.R and other IT threats is available at: http://www.pandasoftware.com/virus_info/encyclopedia/

Users can also scan and disinfect their computers using Panda ActiveScan, the free, online scanner available at http://www.pandasoftware.com/