The Web    Google
4/6: Mydoom-AJ Worm Uses Email

4/6: Mydoom-AJ Worm Uses Email
April 6, 2005

Similar to earlier MYDOOM variants, Worm_Mydoom.AJ propagates via email messages. It also uses social engineering techniques by sending an email message that poses as a love letter. It sends the said email message using a spoofed sender's name.

It obtains target email addresses from files using specific extension names. It also generates email addresses by selecting a user name, which it appends to a selected domain name, from its own list. It skips email addresses that contain certain strings.

The email message it sends has varying subjects, message body content, and attachment file names. For specific details about this worm's email message, please click here. Aside from email, this worm also attempts to propagate via popular peer-to-peer (P2P) file-sharing networks.

This worm also has the ability to prevent users from accessing security and antivirus Web sites by modifying the system's HOSTS file. It also terminates certain malware-related, security-related, and Windows-related processes running on the affected system.

Technical details can be found at Trend Micro page.

  • XP SP2 Deadline Extended
  • Taking on Cyber Crime's New Mob Ties
  • 4/11: Mytob-AG Sends Copy of Itself
  • Anti-Spam Bill Clears Senate
  • 8/20: Rbot-GR Has Trojan Abilities
  • New Worm Throws 'Smackdown' on Users
  • 10/29: Singu-B Allows Remote Access
  • 2/28: Rbot-UC a Worm and Trojan
  • 5/3: Bbprox-A Trojan Acts as Proxy Server
  • Sun, Partners Develop Security Appliances
  • 10/12: Bagle-AC Worm Sends Fake Message
  • Security Camera Price