8/3: MyDoom-Q Arrives in the Wild
August 3, 2004

W32/Mydoom.q@MM is the latest variant of the MyDoom virus family and arrives as an email attachment. The email has the following characteristics:

From: (spoofed From: header)
Do not assume that the sender address is an indication that the sender is infected. Additionally, you may receive alert messages from a mail server saying that you are infected, which may not be the case.

The From address is constructed by taking a common name carried within the virus body and prepending it to the recipient's domain name. (ie.

Subject: (one of the following)

  • SN: New secure mail
  • Secure delivery
  • failed transaction
  • Re: hello (Secure-Mail)
  • Re: Extended Mail
  • Delivery Status (Secure)
  • Re: Server Reply
  • SN: Server Status

Body: (varies, such as)

  • domain:: Secure Mail Server Notification: for email address.
    New policy recommends to enclose all messages as Zip format.
    Your message is available in this server notice.
    Automatically server notice:,
    Server reply from domain.
  • domain:: New mail secure method implement: for email address.
    Now a new message is available as secure Zip file format.
    Due to new policies on clients.
    New service policy for security added from domain.

View the various attachments and other information at the Sophos page.
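
A mail-triage heuristic built from the traits listed above, as an added example that is not part of the original article or any vendor's signature. The function names, the `example.com` addresses and the `sample.bin` placeholder attachment are constructed for illustration; only the subject strings come from the advisory.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Subject lines copied from the advisory's list, lower-cased for comparison.
MYDOOM_Q_SUBJECTS = {
    "sn: new secure mail", "secure delivery", "failed transaction",
    "re: hello (secure-mail)", "re: extended mail",
    "delivery status (secure)", "re: server reply", "sn: server status",
}

def _domain(header_value):
    """Lower-cased domain of the address in a From:/To: header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_message):
    """Return which of the advisory's traits a raw RFC 822 message shows."""
    msg = message_from_string(raw_message)
    hits = []
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in MYDOOM_Q_SUBJECTS:
        hits.append("subject")
    # The From: address is a name prepended to the recipient's own domain.
    sender, rcpt = _domain(msg.get("From")), _domain(msg.get("To"))
    if sender and sender == rcpt:
        hits.append("from-domain-equals-recipient-domain")
    if any(part.get_filename() for part in msg.walk()):
        hits.append("attachment")
    return hits

def is_suspect(raw_message):
    # Same-domain mail with attachments is routine, so require all three.
    return len(triage(raw_message)) == 3

def sample(sender, rcpt, subject):
    """Constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_string()

if __name__ == "__main__":
    for subj in ("Re: Server Reply", "Quarterly report"):
        raw = sample("john@example.com", "alice@example.com", subj)
        print(subj, "->", triage(raw), is_suspect(raw))
```

Because the sender address is spoofed, a match says nothing about the named sender's machine; it only flags the message for quarantine or scanning.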
