|
Description:
This memory-resident worm is almost similar to WORM_MYDOOM.A. The only functional difference is that the Denial of Service (DoS) attack routine of this malware is designed to end on February 14, 2006 instead of February 12, 2004.
It selects from a list of email subjects, message bodies, and attachment file names for its email messages. It spoofs the sender name of its messages so that they appear to have been sent by different users instead of the actual users on infected machines.
It performs a Denial of Service (DoS) attack on the Web sites, www.microsoft.com and riaa.com. This is triggered if the system date is February 1, 2004 or later and the system time is 4:09:18 PM (16:09:18). It continues its DoS attack until February 14, 2006 2:28:57 AM (02:28:57). On the said date, this worm will not perform most of its routines, except for its backdoor functionalities.
This worm also attempts to install backdoor components by opening a listening port 1080. It may be waiting for remote hackers to take control of the compromised machine. It is also able to open several ports ranging from 3000 to 5000, to connect to remote SMTP servers to send email.
While searching for email addresses in all local and mapped network drives from C to Z, this MYDOOM variant may randomly delete files found bearing specific file extensions.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Feb. 20, 2004 6:11:02 AM GMT -0800
Description updated: Feb. 20, 2004 1:58:10 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
