The Web    Google
10/20: Mydoom-AA Worm Spreads Via Email

10/20: Mydoom-AA Worm Spreads Via Email
October 20, 2004

Worm_MydoomAA, like earlier Mydoom variants, mainly spreads via email. The email message it sends out has varying subjects, message bodies and attachment names, some examples of which are as follows:


  • Announcement
  • Details
  • Document
  • Fw:Document
  • Fw:Important

    Message bodies

  • Check the attached document.
  • Daily Report.
  • Details are in the attached document.
  • here is the document.
  • Important Information.


  • archive.doc
  • attachment.doc
  • check.doc
  • data.doc
  • document.doc

    This worm harvests target email addresses from certain files found in specific Local Settings\Temporary Internet Files subfolders. It noticeably avoids sending email to addresses that contain certain strings.

    This Mydoom worm downloads a malware file detected as WORM_SCRANOR.A from a particular Web site. It also attempts to prevent access to certain antivirus Web sites by modifying the Windows Hosts file.

    Notably, this Mydoom variant has a message strings in its codes that attacks different antivirus companies.

    This worm runs on Windows 95, 98, ME, NT, 2000, and XP.

    Technical details can be found at Trend Micro page.

  • 2/8: Wallz Worm Exploits LSAS Flaw
  • 4/4: Mytob-C Worm Looks For Flaw
  • 3/28: Mytob-S Worm Exploits LSASS Flaw
  • 4/13: Spybot-NLX Worm Has DDoS Abilities
  • 3/31: MyDoom-AI Worm Uses Email
  • FTC: Identity Theft, Fraud on the Rise
  • House Passes Anti-Spyware Bill
  • 7/28: Downloader-NE.dr a New Trojan
  • PGP: Extended Encryption For Compliance
  • Is a Job in Security the Cure for Job Insecurity?
  • 10/21: Bloodhound.Exploit-17 Detects Files
  • Security Camera Articles