Full
Name: |
MyDoom |
| Type: |
Worm |
| Also Known As: |
Novarg
MIMAIL
W32.MyDoom |
| Danger Level: |
6 |
| Category Description: |
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files. |
| Comment: |
This mass-mailing worm selects from a list of email subjects, message bodies, and attachment file names for its email messages. It spoofs the sender name of its messages so that they appear to have been sent by different users instead of the actual users on infected machines.
It can also propagate through the Kazaa peer-to-peer file-sharing network.
It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004.
It runs a backdoor component, which it drops as the file SHIMGAPI.DLL. The backdoor component opens port 3127 to 3198 to allow remote users to access and manipulate infected systems. Note that it allows remote access even after February 12, 2004.
This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
Already several "morally challenged" people are exploiting the backdoors that this worm creates for their own use, such as sending out spam or DDOS-ing sites. |
| |
|
| Properties: |
|
Back to the list of products removed by X-Cleaner
|
