Thursday, February 17, 2005

MyDoom.bb Makes Its Presence Felt

What is it?

W32/Mydoom.bb@MM is a Medium Risk mass-mailing worm that carries the dangerous BackDoor-CEB.f Trojan, which tries to disable regular anti-virus updating and also helps a remote user hijack an infected machine.

The worm spreads using stolen email addresses harvested from the victim PC and from search engine queries. Watch out for fake bounce messages that claim to come from Postmaster or Mail Administrator.

Note: To fortify your anti-virus defense against threats like W32/Mydoom.bb@MM that need Internet access to spread, we recommend installing McAfee Personal Firewall Plus.

What should I look for?

FROM: Spoofed.

SUBJECT: Examples: delivery failed, Message could not be Delivered, Mail System Error - Returned Mail

BODY: Example: We have received reports that your account was used to send a large amount of junk email messages during the week.

ATTACHMENT: Examples: README, INSTRUCTION, TRANSCRIPT TEXT.ZIP
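The indicators above can be turned into a simple mail triage check. The following is an added example, not code from the advisory or from McAfee: the function names, the constructed sample messages and the rule of requiring both a listed subject and a listed attachment name are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subjects copied from the advisory's examples (the advisory calls them examples,
# so this list is not exhaustive).
SUBJECTS = {"delivery failed", "message could not be delivered",
            "mail system error - returned mail"}
# Assumption: the attachment line is read as the base names README, INSTRUCTION,
# TRANSCRIPT and TEXT, with .ZIP as one possible extension.
ATTACH_STEMS = {"readme", "instruction", "transcript", "text"}


def mydoom_indicators(raw_bytes):
    """Return the advisory indicators that a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # Collapse whitespace so folded or padded subjects still compare equal.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Drop any path prefix, then compare the name up to the first dot.
        base = name.replace("\\", "/").rsplit("/", 1)[-1]
        if base.split(".", 1)[0].lower() in ATTACH_STEMS:
            hits.append("attachment:" + name)
    return hits


def is_suspect(raw_bytes):
    """Flag only when a listed subject and a listed attachment name co-occur,
    so a genuine bounce without such an attachment is not flagged."""
    hits = mydoom_indicators(raw_bytes)
    return "subject" in hits and any(h.startswith("attachment:") for h in hits)


def build_sample(subject, filename=None):
    """Build a constructed test message (addresses and content are made up)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "postmaster@example.com", "user@example.com", subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Because the FROM address is spoofed, the check deliberately ignores the sender and relies on the subject and attachment name only.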


How do I know if I've been infected?

When run, the worm installs itself as JAVA.EXE in the Windows directory:
C:\WINDOWS\JAVA.EXE

How do I find out more?

View details about W32/Mydoom.bb@MM here.