| W32/Mydoom@MM is a High-Outbreak Risk mass-mailing worm flooding email servers worldwide. When run, the worm steals email addresses from the infected machine and also automatically generates random email addresses for propagation. This email generation engine is similar to technologies spammers use to generate addresses for spam email campaigns.
W32/Mydoom@MM generates emails with a spoofed From: field, so incoming messages may appear to be from people you know. Furthermore, the subject line and message body are both randomly generated by the worm. W32/Mydoom@MM also attempts to open a port on an infected PC, allowing a remote hacker to gain control of the system. (Installing a firewall such as McAfee Personal Firewall Plus can prevent this activity.) |
|
|
|
| What are the common subject lines, attachment names and message content associated with W32/Mydoom@MM: |
|
Subject:
Randomly generated
Attachment:
Randomly generated
The icon used by the file tries to make it appear as if the attachment is a text file.
The attachment type varies [.exe, .pif, .cmd, .scr] - often arrives in a ZIP archive), though the attachment size is 22,528 bytes.
From:
Spoofed -- may appear to be from someone you know.
Body:
Varied: (examples)
- The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
- The message contains Unicode characters and has been sent as a binary attachment.
- Mail transaction failed. Partial message is available.
|
|
| How do you know if you've been infected? |
|
- Upon executing the virus, Notepad is opened, filled with nonsense characters.
- Existence of the files and registry entry listed on the Virus Profile page.
|
|
| How do you clean your system if it’s already infected? |
|
| Update your anti-virus software and run a full scan of your system. Always ensure your virus definition DAT files are current. If you do not own anti-virus software, order McAfee VirusScan here. |
|
| Additional Protection |
|
| For an additional layer of protection, users should employ a full firewall on their system like McAfee Personal Firewall Plus. Personal Firewall Plus can stop the spread of the worm to other systems by blocking its ability to use email. It will also prevent the worm from allowing hackers to remotely access and control a user's PC. If you do not own firewall software, order McAfee Personal Firewall Plus here. |
|
| Looking for more information about the worm? |
|
| For a more detailed description of Mydoom and its characteristics, visit the Virus Profile page. |
|
| New Users: Get Protected Now |
|
|
|
 |
| Existing Users: Make Sure Your Protection Is Up to Date |
|
|
|
|
|
