|
| Mydoom.f is a fast-spreading, mass-mailing worm that arrives as an email attachment (with extensions like .cmd, .bat, .pif, .com, .scr, .exe), often in a ZIP archive. Unlike previous versions of Mydoom, Mydoom.f has the ability to delete files on infected machines. Mydoom.f will also attempt a denial of service attack on www.microsoft.com and www.riaa.com. |
|
|
|
| What are the subject lines, message bodies and attachment names commonly associated with Mydoom.f? |
|
Subject Lines:
Mydoom.f can randomly generate subject lines, but some common examples include:
 |
• (Blank) |
• read now! |
| • =P Announcement |
• Read this |
| • Announcement |
• Readme |
| • ApprovedNews |
• Recent news |
| • Attention |
• Recent news |
| • automatic responder |
• Something for you |
| • Bug |
• Undeliverable message |
| • Current Status |
• Unknown |
| • EXPIRED ACCOUNT |
• You have 1 day left |
| • For your information |
• You use illegal File Sharing... Your IP was logged |
| • hello |
• Your account is about to be expired |
| • hi, it's me |
• Your credit card |
| • hi |
• Your order is being processed |
| • IMPORTANT |
• Your order was registered |
| • Information Warning |
• Your request is being processed |
| • Love is Love is... |
• Your request was registered |
| • Please read |
• Please reply |
| • Please read |
• Please reply |
| • Re: Approved |
• Re: Thank You |
| • Re: |
• Read it immediately |
Message Body (varies, such as):
|
• Check the attached document. |
• I wait for your reply. |
• Details are in the attached document.
You need Microsoft Office to open it. |
• I'm waiting Okay |
| • Greetings |
• Information about you |
| • Here is the document. |
• Is that from you? |
| • Here it is |
• Is that yours? |
| • I have your password :) |
• Kill the writer of this document! |
| • I wait for your reply. |
• OK Everything ok? |
| • Please see the attached file for details |
• Something about you |
| • Please, reply |
• Take it |
| • Read the details. |
• The document was sent in compressed format. |
| • Reply |
• We have received this document from your e-mail. |
| • See the attached file for details |
• You are a bad writer |
| • See you Here it is |
• You are bad |
| • See you |
|
Attachment Names: (Varies [.cmd, .bat, .pif, .com, .scr, .exe] - often arrives in a zip archive)
|
• creditcard.bat |
• paypal.zip |
| • creditcard.zip |
• photo.zip |
| • details.zip |
• textfile.zip |
| • mail.zip |
• vpf.zip |
| • notes.zip |
• website.zip |
| • part1.zip |
• %random characters%.zip |
|
|
| What does Mydoom.f do? |
|
|
Once the worm has infected a PC, it searches the local hard drive and deletes image, movie, Excel, Word and other files with the extensions [bmp, avi, jpg, sav, xls, doc, mdb]. Mydoom.f rapidly emails itself to email addresses it steals from the infected machine—spoofing (faking) the "From: Field". Caution: Infected emails can come from someone you know.
The worm also will attempt to spread through mapped drives on the user's system and will attempt a denial of service attack on www.microsoft.com and www.riaa.com.
|
|
| Why is Mydoom.f dangerous? |
|
|
Besides spreading infections and flooding email servers worldwide, Mydoom.f leaves a dangerous remote-access backdoor on an infected PC.
By accessing vulnerable or open communication ports, this may allow hackers to steal personal information (log-ins, credit card information) or remotely control a system (e.g., to launch spam attacks).
|
|
| How do you know if you've been infected? |
|
- Once a PC is infected, a fake error message will appear stating "File is Corrupted", "Unable to open specified file", or "File cannot be opened"
- Existence of the files and registry entry listed on the Virus Profile page.
|
|
| What is the best defense against worms like Mydoom.f? |
|
- Install McAfee® VirusScan®. Then update its anti-virus protection with the latest virus definitions, which can spot and remove Mydoom.f infections.
- Install McAfee Personal Firewall Plus. A firewall helps make your PC invisible online, stopping both malicious inbound and outbound communication.
Together, McAfee VirusScan and McAfee Personal Firewall Plus provide multi-layered protection for your system against high outbreak threats like Mydoom.f. |
|
| Looking for more information? |
|
| For a more detailed description of Mydoom.f and its characteristics, visit the Virus Profile page. |
|
| New Users: Get Protected Now |
|
|
|
|
| Existing Users: Make Sure Your Protection Is Up to Date |
|
|
|
|
|
|
