The Web    Google
8/3: MyDoom-Q Arrives in the Wild

8/3: MyDoom-Q Arrives in the Wild
August 3, 2004

W32/Mydoom.q@MM is the latest variant of the MyDoom virus family and arrives as an email attachment. The attachment contains the following characteristics:

From: (spoofed From: header)
Do not assume that the sender address is an indication that the sender is infected. Additionally you may receive alert messages from a mail server that you are infected, which may not be the case.

The from address is constructed by taking a common name carried within the virus body and prepending it to the recipients domain name. (ie.

Subject: (one of the following)

  • SN: New secure mail
  • Secure delivery
  • failed transaction
  • Re: hello (Secure-Mail)
  • Re: Extended Mail
  • Delivery Status (Secure)
  • Re: Server Reply
  • SN: Server Status

    Body: (varies, such as)

  • domain:: Secure Mail Server Notification: for email address.
    New policy recommends to enclose all messages as Zip format.
    Your message is available in this server notice.
    Automatically server notice:,
    Server reply from domain.
  • domain:: New mail secure method implement: for email address.
    Now a new message is available as secure Zip file format.
    Due to new policies on clients.
    New service policy for security added from domain.

    View the various attachments and other information at Sophos page.

  • Check Point Appliances Target Small Businesses
  • Is a Job in Security the Cure for Job Insecurity?
  • 4/18: Mytob-BR Worm Mails Itself Out
  • 'Buffalo Spammer' Arrested
  • 4/8: Imabut-A Trojan a Floppy Disk Image
  • 'Critical' Windows Hijack Flaw Reported
  • 4/6: Mydoom-AJ Worm Uses Email
  • 12/6: Atak-B a Mass-Mailing Worm
  • NetIQ offers up central security console
  • AOL Touts Increased Broadband Security
  • Sun Plays New Security Card with VeriSign
  • Security Camera Related Information