Lookout, lookout, there's another dangerous virus about.
The latest virus goes by the name of MyDoom and is spreading like wildfire.
It spreads via email and it will scan an infected computers address book and it will send itself From: an address at random.
Sending itself from a random address makes it near impossible to trace the source.
W32/MyDoom-A drops itself to your System folder under the name taskmon.exe. It also drops a file named shimgapi.dll, which is a backdoor program loaded by the worm. The backdoor allows outsiders to connect to TCP port 3127 on your computer.
Graham Cluley, Senior Technology Consultant for Sophos Anti-Virus said,
"MyDoom is unlike many other mass-mailing worms we have seen in the past, because it does not try to seduce users into opening the attachment by offering sexy pictures of celebrities or private messages. MyDoom can pose as a technical-sounding message, claiming that the email body has been put in an attached file. Of course, if you launch that file you are potentially putting your data and computer straight into the hands of hackers."
"When the MyDoom worm forwards itself via email, it can create its attachment in either Windows executable or Zip file format. It is possible the worm's author did this in an attempt to bypass company filters which try and block EXE files from reaching their users from the outside world."
We here at I.T. Vibe have seen an incredible amount of these trying to come into our network via email this morning already.
MyDoom can also spread via popular file sharing service, Kazaa.
As ever, ensure your Anti-Virus software is kept fully up to date at all times.
UPDATE: The MyDoom virus will also launch a DDoS attack against SCO on 1st Feb 2004.
|
|
Reader Comments: 0
