Description: Update: On April 30, 2004 and a few days thereafter, TrendLabs observed infections by a different variant that is also detected as WORM_MYDOOM.A. This variant appears to have been designed to stop running its routines on a different date. The original .A variant ceases running most of its routines on February 12, 2004.
This mass-mailing worm selects from a list of email subjects, message bodies, and attachment file names for its email messages. It spoofs the sender name of its messages so that they appear to have been sent by different users instead of the actual users on infected machines.
It can also propagate through the Kazaa peer-to-peer file-sharing network.
It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004.
It runs a backdoor component, which it drops as the file SHIMGAPI.DLL. The backdoor component opens port 3127 to 3198 to allow remote users to access and manipulate infected systems. Note that it allows remote access even after February 12, 2004.
This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
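A defender-side check for the backdoor port range described above, as an added example that is not part of the original description or any vendor tool. It assumes the column layout of Windows `netstat -ano` output; the function names and the sample rows are constructed for illustration.

```python
from typing import NamedTuple

# Port range the description gives for the SHIMGAPI.DLL backdoor.
BACKDOOR_PORTS = range(3127, 3199)  # 3127 through 3198 inclusive

class Hit(NamedTuple):
    local_addr: str
    port: int
    state: str
    pid: int

def parse_tcp_rows(netstat_text):
    """Yield a Hit for every well-formed TCP row of `netstat -ano` output."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns: proto, local, foreign, state, PID.
        # Header lines and UDP rows (no state column) fall through here.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        addr, _, port = fields[1].rpartition(":")  # copes with [::]:3127
        if port.isdigit() and fields[4].isdigit():
            yield Hit(addr, int(port), fields[3], int(fields[4]))

def find_backdoor_sockets(netstat_text):
    """Return listeners in the backdoor range, then sessions connected to them.

    An ESTABLISHED row is reported only when its local port also has a
    listener: older Windows versions hand out ephemeral ports from 1025-5000,
    so an outbound connection can legitimately use a local port in this range.
    """
    rows = list(parse_tcp_rows(netstat_text))
    listeners = [r for r in rows
                 if r.state == "LISTENING" and r.port in BACKDOOR_PORTS]
    open_ports = {r.port for r in listeners}
    sessions = [r for r in rows
                if r.state == "ESTABLISHED" and r.port in open_ports]
    return listeners + sessions

# Constructed sample output (documentation-range addresses, made-up PIDs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1432
  TCP    192.0.2.10:3127        198.51.100.7:40112     ESTABLISHED     1432
  TCP    192.0.2.10:3150        203.0.113.9:80         ESTABLISHED     2210
  UDP    0.0.0.0:3130           *:*                                    1000
"""

if __name__ == "__main__":
    for hit in find_backdoor_sockets(SAMPLE):
        print(hit)
```

A hit is a lead rather than a verdict, since other software can listen in this range; map the reported PID to its process and check the system for SHIMGAPI.DLL before drawing a conclusion.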
Description created: Jan. 26, 2004 1:35:26 PM GMT -0800
Description updated: May. 3, 2004 1:10:59 AM GMT -0800