Author Topic: Win32:Mydoom-M  (Read 7127 times)

Pavel Baudis

  • Guest
Win32:Mydoom-M
« on: July 26, 2004, 06:06:56 PM »
Hi All,

there is a new virus outside - Win32:Mydoom-M and it seems that it has a pretty hot start today - we are probably facing a large epidemic due to this beast. An avast! iAVS update was released some time ago - so please UPDATE  ;) !

Pavel

lee16

  • Guest
Re:Win32:Mydoom-M
« Reply #1 on: July 26, 2004, 06:12:05 PM »
Thanks for the heads up Pavel  ;) , updating now.

--lee

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Mydoom-M
« Reply #2 on: July 26, 2004, 06:43:11 PM »
Quote
Pretty hot start today

Am I missing something here? The virus is a week old. How come ALWIL just today implemented it in the VPS? Can you please explain that, Pavel.....


For everyone who wants to know a little more about the Mydoom-M:

Mydoom.M is a worm that installs a dynamic link library (DLL) that opens TCP port 1042 and listens on it, thus behaving as a backdoor. By doing so, it allows hackers to remotely access the affected computer in order to carry out actions that would compromise users' confidentiality or impede normal work.

In addition, the mentioned library will also end any active process containing specific text strings associated with antivirus programs and system monitoring tools. This leaves the affected computer vulnerable to attack by other malware.

Mydoom.M spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).
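
A defensive check for the backdoor listener described in the post above, added here as an example and not part of the original thread. It parses Windows `netstat -ano` output and reports which process owns a listener on TCP port 1042; the sample output, addresses and PIDs are constructed.

```python
BACKDOOR_PORT = 1042  # TCP port named in the post above

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1042           0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.20:1042      203.0.113.7:4431       ESTABLISHED     1620
  TCP    192.168.1.20:3012      198.51.100.9:1042      ESTABLISHED     2216
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:1042           *:*                                    1100
"""

def tcp_rows(netstat_text):
    """Yield (local_port, remote, state, pid) for each TCP row."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no State column)
        _, local, remote, state, pid = fields
        port = local.rpartition(":")[2]  # also handles bracketed IPv6
        if port.isdigit() and pid.isdigit():
            yield int(port), remote, state, int(pid)

def listening_pids(netstat_text, port=BACKDOOR_PORT):
    """PIDs that own a LISTENING TCP socket on the port."""
    return sorted({pid for p, _, state, pid in tcp_rows(netstat_text)
                   if p == port and state == "LISTENING"})

def backdoor_sessions(netstat_text, port=BACKDOOR_PORT):
    """Remote peers connected to a local listener on the port.

    A local port of 1042 alone is not enough: it can be an ordinary
    ephemeral client port, so the row must share a PID with a listener.
    """
    owners = set(listening_pids(netstat_text, port))
    return [remote for p, remote, state, pid in tcp_rows(netstat_text)
            if p == port and state == "ESTABLISHED" and pid in owners]

if __name__ == "__main__":
    print("listener PIDs:", listening_pids(SAMPLE_NETSTAT))
    print("inbound peers:", backdoor_sessions(SAMPLE_NETSTAT))
```

A reported PID still has to be mapped to its process and loaded modules before drawing a conclusion, since the post describes the listener as a DLL rather than a standalone executable.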

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Win32:Mydoom-M
« Reply #3 on: July 26, 2004, 06:54:57 PM »
Nope. MyDoom.M is brand new (released today).
If at first you don't succeed, then skydiving's not for you.

Pavel Baudis

  • Guest
Re:Win32:Mydoom-M
« Reply #4 on: July 26, 2004, 06:57:04 PM »
Yes, you are missing something  ;D. This virus is quite new. There is (again!) a big naming mess between antivirus companies - but as far as I know most of them are calling it .M, while others .N, .O or even .R  :(.

But for example Symantec or Trend call it .M and it is quite new - I would not bother you with some old virus  ;).

Pavel

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Mydoom-M
« Reply #5 on: July 26, 2004, 07:03:58 PM »
So it is the naming mess again that is starting confusion amongst the users  :-\
Dang, I wish someone put a stop to that. I can pretty much follow it, but I hate to think about all those people who have less knowledge than me  :'(

bluejk

  • Guest
Re:Win32:Mydoom-M
« Reply #6 on: July 27, 2004, 12:22:45 AM »
A friend emailed me info on Win32:Mydoom-L. Is that old and M supersedes it?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89052
  • No support PMs thanks
Re:Win32:Mydoom-M
« Reply #7 on: July 27, 2004, 02:11:49 PM »
The MyDoom.L is just another variant of the MyDoom family. It doesn't grow old or get superseded by the next variant, even the old ones are a threat to unprotected/vulnerable systems.

Much of the advice in the email your friend sent is still valid and informative, but as AV companies and Microsoft close vulnerabilities or provide protection, so the virus writers modify their work to try and get around that protection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Mydoom-M
« Reply #8 on: July 28, 2004, 09:40:09 AM »
Quote
A secondary threat from the latest incarnation of the Mydoom worm is being used to carry out a distributed denial of service attack against Microsoft's main website, microsoft.com, a senior anti-virus researcher says.

http://www.smh.com.au/articles/2004/07/28/1090694006478.html?oneclick=true

Stephan123

  • Guest
Re:Win32:Mydoom-M
« Reply #9 on: July 28, 2004, 01:52:24 PM »
Symantec have a category 4 for the new Mydoom virus. Are many here at avast infected with the new Mydoom virus?