MyDoom Method of Infection
This worm (a mass-mailing trojan) spreads by email and by copying itself to the shared directory of KaZaa clients.
The mailing component harvests addresses from the infected computer. Files with the following extensions are searched: wab adb tbb dbx asp php sht htm txt pl
Additionally, the worm contains strings which it uses to randomly generate, or guess, email addresses. These are prepended as user names to the target domains: sandra julie jimmy jerry helen debby claudia brenda anna alice brent adam ted fred jack bill stan smith steve matt dave dan joe jane bob robert peter tom ray mary serg brian jim maria leo jose andrew sam george david kevin mike james michael john alex

Finally, the virus sends itself via SMTP, constructing messages with its own SMTP engine.
The worm guesses the target domain's mail server by prefixing the domain name with the following strings: mx mail smtp mx1 mxs mail1 relay ns
The virus arrives via email as follows:
Subject: one of Error, Status, Server Report, Mail Transaction Failed, Mail Delivery System, hello, hi
Body: various, randomly generated, for example:
The message has been sent as a binary attachment and therefore contains Unicode characters.
Mail transaction failed.
Partial message is available.

Attachment: .bat .exe .pif .cmd .scr, often zipped on arrival (22,528 bytes). Examples: doc.bat document.zip message.zip readme.zip text.pif hello.cmd body.scr test.htm.pif data.txt.exe file.scr
The file name may contain multiple spaces to hide the real extension, for example: document.htm          .pif
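As an added example (not code from the original page), a small Python checker that applies the subject-line and attachment-name indicators listed above to constructed sample messages; the subject list, the extension sets and the 22,528-byte size come from this description, while the sample messages and the decoy-extension set (htm, txt, taken from the examples) are assumptions.

```python
import re
from typing import List, Optional, Tuple

# Indicators taken from the description above; not a complete MyDoom signature.
SUSPECT_SUBJECTS = {
    "error", "status", "server report", "mail transaction failed",
    "mail delivery system", "hello", "hi",
}
EXECUTABLE_EXTS = {"bat", "exe", "pif", "cmd", "scr"}
DECOY_EXTS = {"htm", "txt"}  # assumed: decoy part of test.htm.pif / data.txt.exe
REPORTED_SIZE = 22528        # bytes, the size the page reports on arrival

def attachment_reasons(name: str, size: Optional[int] = None) -> List[str]:
    """Return why an attachment file name looks like the worm's dropper ([] if clean)."""
    reasons = []
    lowered = name.strip().lower()
    # Runs of spaces push the real extension out of view: "document.htm      .pif"
    collapsed = re.sub(r" {2,}", " ", lowered)
    if collapsed != lowered:
        reasons.append("multiple spaces in file name")
    parts = collapsed.replace(" ", "").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.append(f"double extension .{parts[-2]}.{ext}")
    elif ext == "zip":
        reasons.append("zip attachment (worm is often zipped on arrival)")
    if size == REPORTED_SIZE:
        reasons.append("size matches reported 22,528 bytes")
    return reasons

def message_reasons(subject: str, attachments: List[Tuple[str, Optional[int]]]) -> List[str]:
    """Combine subject-line and attachment indicators for one message."""
    reasons = []
    if subject.strip().lower() in SUSPECT_SUBJECTS:
        reasons.append(f"subject {subject!r} matches worm template")
    for name, size in attachments:
        reasons.extend(f"{name}: {r}" for r in attachment_reasons(name, size))
    return reasons

# Constructed sample messages (subject, [(attachment name, size)]), not real captures.
SAMPLE_MESSAGES = [
    ("Mail Transaction Failed", [("document.htm          .pif", 22528)]),
    ("Meeting notes", [("agenda.txt", 1200)]),
]

def flagged(messages=SAMPLE_MESSAGES) -> List[Tuple[str, List[str]]]:
    # (subject, reasons) for every message carrying at least one indicator
    hits = ((s, message_reasons(s, a)) for s, a in messages)
    return [(s, r) for s, r in hits if r]
```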

Peer To Peer Propagation
The worm copies itself to the KaZaa Shared Directory with the following filenames: nuke2004 office_crack rootkitXP strip-girl-2.0bdcom_patches activation_crack icq2004-final winamp
Remote Access Component
MyDoom opens a listening TCP port, trying 3127 and then successive ports up to 3198 until one succeeds, and accepts specially crafted TCP transmissions. It saves the embedded binary into a temp file and executes it; the temp file is then deleted. It can also relay TCP packets, providing spoofing capabilities, and thereby serves as a spam relay channel for distribution.
Denial of Service Payload
The DoS begins on the first system startup on February 1st or later. The worm changes its behavior from mass emailing to a DoS against the sco.com domain. This denial of service attack will stop on the first system startup on February 12th or later; after that it will just monitor your PC (Yikes!) via the attached host port.
If you open an affected attachment, Notepad is opened, filled with a bunch of gobbledegook.
