CPNI - Centre for the Protection of National Infrastructure

February 2005

Malicious Software Report: W32/MyDoom Variant

ID: 00145
Ref: 129/2005
Date: 17 February 2005:13:53:16
Version: 1

Title: Malicious Software Report: W32/MyDoom Variant
Abstract:
Vendors affected: Microsoft,Microsoft
Operating systems affected: Microsoft,Microsoft

Title
=====

Malicious Software Report: W32/MyDoom Variant

Detail
======

We are receiving reports of a new variant of the MyDoom worm. The indications are
that the rate of infections being reported to anti-virus suppliers is increasing.
Some vendors have raised their threat assessment to medium. Patches are being made
available.

The worm has many different aliases. The URLs below provide more information:

------------------

Symantec - W32.Mydoom.AX@mm
Category: 3 (on a scale 1-5)

"W32.Mydoom.AX@mm is a mass-mailing worm that uses its own SMTP engine to send email
to addresses that it retrieves from the Windows Address Book on the infected
computer."

http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ax@mm.html


-----------------

Sophos - W32/MyDoom-O

"W32/MyDoom-O is a mass-mailing worm which spreads by emailing itself via its own
SMTP engine. The worm also allows unauthorised remote access to the computer via
a network."

http://www.sophos.co.uk/virusinfo/analyses/w32mydoomo.html


-----------------

McAfee - W32/Mydoom.bb@MM
Risk Assessment: Corporate User - Medium

"This variant W32/Mydoom is similar to previous variants, it bears the following
characteristics:

mass-mailing worm constructing messages using its own SMTP engine
harvests email addresses from the victim machine
spoofs the From: address
downloads the BackDoor-CEB.f trojan"

http://vil.nai.com/vil/content/v_131856.htm


-----------------

F-Secure - MyDoom.BB
Radar Alert Level: 2 (on a scale 3-1)

"MyDoom.BB appeared on February 17th, 2005. Like the previous variants, it is a
massmailer that sends infected messages with various subject lines and body
messages."

http://www.f-secure.com/v-descs/mydoom_bb.shtml


-----------------

Trend Micro - WORM_MYDOOM.BB
Overall Risk Rating: Medium

"WORM_MYDOOM.BB is similar to WORM_MYDOOM.M in almost all aspects. Like earlier
variants, this worm spreads via email through SMTP (Simple Mail Transfer Protocol),
gathering target recipients from the Windows Address Book, the Temporary Internet
Files folder, and certain fixed drives. Notably, it skips email addresses that
contain certain strings."

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.BB


-----------------

Outpost24 - W32/Mydoom.BB@mm
Alert: 3 (on a scale 1-5)

"We re-alert on W32/Mydoom.BB@mm due to the fact that we have increased the alert
level from 2 to 3. The virus has been seen more in the wild."

http://www.outpost24.com/

