Malware type: Worm

Aliases: Email-Worm.Win32.Mydoom.gen (Kaspersky), W32/Mydoom.bm@MM (McAfee), W32.Mydoom.BI@mm (Symantec), Worm/Mydoom.BF.1 (Avira), W32/MyDoom-BS (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, 2000, ME, NT, XP

Encrypted: Yes

Description: 

Upon execution, this mass-mailing worm opens a text file that contains garbage data, using NOTEPAD.EXE, as follows:

Similar to earlier MYDOOM variants, this worm propagates via email messages. It also uses social engineering techniques by sending an email message that poses as a love letter. It sends the said email message using a spoofed sender's name.

It obtains target email addresses from files using specific extension names. It also generates email addresses by selecting a user name, which it appends to a selected domain name, from its own list. It skips email addresses that contain certain strings.

The email message it sends has varying subjects, message body content, and attachment file names. For specific details about this worm's email message, please click here.

Aside from email, this worm also attempts to propagate via the popular peer-to-peer (P2P) file-sharing network, Kazaa.

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar. 31, 2005 4:48:15 AM GMT -0800
Description updated: Apr. 6, 2005 1:12:46 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.