Wednesday, February 23, 2005

MyDoom.be Debuts On The Net

What is it?
The latest in a wave of Medium Risk mass-mailing worms, W32/Mydoom.be@MM carries the dangerous BackDoor-CEB.f Trojan, which tries to disable anti-virus updating and help a remote user hijack an infected machine.

Like earlier variants, the worm spreads using email addresses harvested from the victim PC and from search engine queries. Watch out for messages posing as bounce notices from Postmaster or Mail Administrator.

Note: To fortify your anti-virus defense against threats like W32/Mydoom.be@MM that need Internet access to spread, we recommend installing McAfee Personal Firewall Plus.


What should I look for?

FROM: Spoofed.

SUBJECT: Examples: delivery failed, Message could not be Delivered, Mail System Error - Returned Mail

BODY: Example: We have received reports that your account was used to send a large amount of junk email messages during the week.

ATTACHMENT: Examples: README, INSTRUCTION, TRANSCRIPT
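The indicators above (spoofed bounce sender, canned subject lines, bare attachment names) are enough to build a simple mail-gateway triage check. The following is an added example written for this page, not McAfee's code or part of the advisory; the two sample messages are constructed, and the function names `score_message` and `is_suspect` are hypothetical.

```python
import re
from email.parser import Parser
from email.policy import default

# Indicators quoted from the advisory's "What should I look for?" section,
# normalised to lower case for comparison.
LURE_SUBJECTS = {
    "delivery failed",
    "message could not be delivered",
    "mail system error - returned mail",
}
LURE_ATTACHMENTS = {"readme", "instruction", "transcript"}
# The worm poses as a bounce from Postmaster or Mail Administrator.
BOUNCE_SENDERS = re.compile(r"postmaster|mail administrator", re.IGNORECASE)


def score_message(raw):
    """Return the list of advisory indicators matched by one raw RFC 822 message."""
    msg = Parser(policy=default).parsestr(raw)
    hits = []

    subject = (msg["subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        hits.append("subject")

    sender = msg["from"] or ""
    if BOUNCE_SENDERS.search(sender):
        hits.append("sender")

    # Attachment names are compared without their extension, since the
    # advisory lists bare names such as README or TRANSCRIPT.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem = name.rsplit(".", 1)[0].lower()
        if stem in LURE_ATTACHMENTS:
            hits.append("attachment:" + name)
    return hits


def is_suspect(raw, threshold=2):
    """Flag a message when at least `threshold` independent indicators match.
    A lone 'Postmaster' sender or a lone 'delivery failed' subject is common
    in legitimate bounces, so one hit alone is not treated as a detection."""
    return len(score_message(raw)) >= threshold


# Constructed sample: a lure shaped like the advisory's description.
LURE_SAMPLE = """\
From: "Mail Administrator" <postmaster@example.com>
To: victim@example.com
Subject: Mail System Error - Returned Mail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

We have received reports that your account was used to send a large amount of junk email messages during the week.
--XYZ
Content-Type: application/octet-stream; name="README.zip"
Content-Disposition: attachment; filename="README.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--XYZ--
"""

# Constructed sample: an ordinary message that should not be flagged.
BENIGN_SAMPLE = """\
From: alice@example.com
To: victim@example.com
Subject: Lunch on Thursday?

Are you free around noon?
"""

if __name__ == "__main__":
    for label, sample in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, score_message(sample), "suspect" if is_suspect(sample) else "ok")
```

Real bounce notices share the sender and subject shapes the worm copies, so the check requires two indicators before flagging; in production the attachment rule would normally be the deciding one, since a genuine non-delivery report does not carry a README or TRANSCRIPT file.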


How do I find out more?

When run, the worm installs itself as JAVA.EXE in the Windows directory: C:\WINDOWS\JAVA.EXE.


Why am I receiving so many alerts?

By policy, when new viruses or variants (e.g., the current Mydoom strain) reach Medium Risk threat status, McAfee immediately notifies customers who have opted to receive advisories, even if the latest variant closely resembles the last.