9/9: Mydoom-U Worm Packed with UPX
 

September 9, 2004

W32/Mydoom.u@MM is a new variant of the Mydoom worm and is packed with UPX. It bears the following characteristics:

  • contains its own SMTP engine for constructing messages
  • harvests target email addresses from the victim machine
  • forges the From: header of outgoing messages
  • downloads BackDoor-CEB.c over HTTP

    From: (spoofed From: header)

    Do not assume that the sender address is an indication that the sender is infected. Additionally, you may receive alert messages from a mail server stating that you are infected, which may not be the case.

    The From: address is either one of the harvested addresses or constructed by taking a common name carried within the virus body and prepending it to the recipient's domain name (e.g. john@mydomain.com).
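The check below is an added example, not code from McAfee, Panda Software or this page: a mail-gateway heuristic for the constructed-sender pattern described above, where the From: address sits in the recipient's own domain but names no real mailbox. The `known_mailboxes` set, the function names and the sample messages are assumptions made for illustration; a harvested address that belongs to a real person cannot be told apart this way and is reported only as unverified.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def split_addr(addr):
    """Return (local, domain) lower-cased, or (None, None) if malformed."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    return (local, domain) if sep and local and domain else (None, None)


def classify_from(raw, known_mailboxes):
    """Classify the From: header of an inbound message.

    known_mailboxes: valid addresses for the domains this gateway hosts
    (hypothetical input, e.g. exported from the mail directory).
    Returns 'missing', 'constructed-local' or 'unverified'.
    """
    msg = message_from_string(raw)
    local, domain = split_addr(parseaddr(msg.get("From", ""))[1])
    if local is None:
        return "missing"
    # Domains of every To: recipient; the worm reuses the recipient's domain.
    rcpt_domains = {split_addr(a)[1]
                    for _, a in getaddresses(msg.get_all("To", []))}
    rcpt_domains.discard(None)
    known = {m.lower() for m in known_mailboxes}
    if domain in rcpt_domains and f"{local}@{domain}" not in known:
        return "constructed-local"
    # Anything else may still be forged (harvested address), so it is
    # never treated as proof of who sent the message or who is infected.
    return "unverified"


# Constructed sample data, not captured traffic.
KNOWN = {"alice@mydomain.com"}
CONSTRUCTED = "From: John <john@mydomain.com>\nTo: alice@mydomain.com\n\nbody\n"
HARVESTED = "From: bob@example.org\nTo: Alice <ALICE@mydomain.com>\n\nbody\n"
NO_FROM = "To: alice@mydomain.com\n\nbody\n"

if __name__ == "__main__":
    for sample in (CONSTRUCTED, HARVESTED, NO_FROM):
        print(classify_from(sample, KNOWN))
```

A gateway that sends infection alerts should not address them to the From: value in any of these cases, which is why even the non-matching result is labelled unverified rather than trusted.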

    More information is available on the McAfee page.

    According to Panda Software, which also issued an alert, Mydoom.U is a worm that connects to several web sites in order to download a file belonging to a backdoor. Mydoom.U spreads via e-mail in a message with variable characteristics.

    Technical details are at this Panda Software page.

