Network Associates, Inc., a leading provider of intrusion prevention solutions, announced that McAfee AVERT (Anti-Virus Emergency Response Team), the world-class anti-virus research division of Network Associates, assigned a high risk outbreak to the recently discovered W32/Mydoom@mm, also known as Mydoom. Mydoom is a destructive worm that spreads via e-mail as a binary attachment-making itself appear as if the attachment is a text file. The discovery of the virus was announced today by McAfee AVERT and has been found in as many as 25 companies and seen throughout Asia Pacific, Canada, Europe, Japan, Latin America and the United States.

Mydoom is an Internet worm that once activated opens Windows Notepad and fills it with nonsense characters. The worm then tries to spread via email and by copying itself to the shared directory for Kazaa clients, if they are present. Users should immediately delete any e-mail containing the following:

From: (Spoofed)

Subject: (Random)

Body of email: (Varies)

Attachment: Varies, but often arrives as an exe, .PIF, .CMD or .SCR in a ZIP archive that is 22,528 bytes

After being executed, Mydoom e-mails itself out as an attachment with the filenames c:\Program Files\KaZaA\My Shared Folder\activation_crack.scr, c:\WINDOWS\Desktop\Document.scr and c:\WINDOWS\SYSTEM\taskmon.exe. The icon used by the file tries to make it appear as if the attachment is a text file. Mydoom also uses a DLL that it creates in the Windows System directory c:\WINDOWS\SYSTEM\shimgapi.dll. It then creates a registry entry to hook Windows startup at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\_CurrentVersion\Run "TaskMon" = % SysDir%\taskmon.exe. Mydoom opens a connection on TCP port 3127 suggesting remote access capabilities.

Immediate information and cure for this virus can be found online at the Network Associates McAfee AVERT site located at . Users of McAfee Security antivirus products should update their systems from that page.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access