9/9: Mydoom-U Worm Packed with UPX
September 9, 2004

W32/Mydoom.u@MM is a new variant of the Mydoom worm and is packed with UPX. It bears the following characteristics:

  • contains its own SMTP engine for constructing messages
  • harvests target email addresses from the victim machine
  • forges the From: header of outgoing messages
  • downloads BackDoor-CEB.c over HTTP

    From: (spoofed From: header)

    Do not assume that the sender address is an indication that the sender is infected. Additionally, you may receive alert messages from a mail server saying that you are infected, which may not be the case.

    The From address is either one of the harvested addresses or is constructed by taking a common name carried within the virus body and prepending it to the recipient's domain name (e.g. john@mydomain.com).

    More information is at the McAfee page.

    According to Panda Software, which also issued an alert, Mydoom.U is a worm that connects to several web sites in order to download a file belonging to a backdoor. Mydoom.U spreads via e-mail in a message with variable characteristics.

    Technical details are at this Panda Software page.
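The From: construction described above (a common forename prepended to the recipient's own domain) can be checked for at a mail gateway. The following Python is an added illustration of that check, not code from the alert, McAfee or Panda; the forename set, the mailbox directory and the sample messages are all constructed placeholders, since the worm's real name list is not on this page. In keeping with the advice above, a match only says the header fits the forgery pattern, not that the apparent sender is infected.

```python
import email
from email.utils import parseaddr

# Constructed placeholder for "common names carried within the virus body".
# The worm's actual embedded list is not reproduced on the alert page.
COMMON_NAMES = {"john", "alex", "michael", "james", "sam", "jim", "dave"}

# Constructed directory of mailboxes that really exist at the receiving domain.
KNOWN_MAILBOXES = {"alice@mydomain.com", "bob@mydomain.com"}


def split_addr(header_value):
    """Return (local_part, domain), lower-cased, or (None, None) if unparsable."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None, None
    local, _, domain = addr.lower().rpartition("@")
    return local, domain


def spoof_indicators(raw_message):
    """Match a raw RFC 822 message against the Mydoom-U From: forgery pattern.

    Returns a list of indicator codes (empty when nothing matched):
      "forename-at-recipient-domain" - From: is a bare common forename at the
                                       recipient's own domain and is not a known mailbox
      "unknown-local-sender"         - From: claims a mailbox at the recipient's domain
                                       that the directory does not know
    A harvested-address forgery (a real third-party address) cannot be told apart
    from legitimate mail by headers alone, so it is deliberately not scored here.
    """
    msg = email.message_from_string(raw_message)
    from_local, from_domain = split_addr(msg.get("From"))
    to_local, to_domain = split_addr(msg.get("To"))
    if from_local is None or to_local is None:
        return []
    if from_domain != to_domain:
        return []  # pattern only applies to senders "at" the recipient's domain
    if f"{from_local}@{from_domain}" in KNOWN_MAILBOXES:
        return []  # a real local mailbox; not evidence of infection either way
    if from_local in COMMON_NAMES:
        return ["forename-at-recipient-domain"]
    return ["unknown-local-sender"]


# Constructed sample messages (not captured worm traffic).
SAMPLE_SPOOFED = """From: john@mydomain.com
To: alice@mydomain.com
Subject: hi

test
"""

SAMPLE_LEGIT = """From: bob@mydomain.com
To: alice@mydomain.com
Subject: lunch

12:30?
"""

SAMPLE_EXTERNAL = """From: newsletter@other.example
To: alice@mydomain.com
Subject: news

hello
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SAMPLE_SPOOFED),
                          ("legit", SAMPLE_LEGIT),
                          ("external", SAMPLE_EXTERNAL)):
        print(label, spoof_indicators(sample))
```

The check depends on having an authoritative list of local mailboxes; without one, the "unknown-local-sender" code is not meaningful and only the forename match should be used.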
