IWS - The Information Warfare Site

PSEPC Advisory Number: AV04-029: WORM_MYDOOM.M
26 July 2004

Purpose
The purpose of this advisory is to bring attention to a variant of the Mydoom worm: WORM_MYDOOM.M (aka W32/Mydoom.o@MM, W32.Mydoom.M@mm).

Assessment
This new variant of W32/Mydoom is packed with UPX. Like previous variants, it has the following characteristics:

  • is a mass-mailing worm that constructs messages using its own SMTP engine
  • harvests email addresses from the victim machine
  • spoofs the From: address
  • sends an attachment with a .bat, .cmd, .com, .exe, .pif, .scr, or .zip extension
  • may use an attachment name containing a randomly selected domain found on the sender's system
  • downloads and executes a backdoor, detected as Backdoor.Zincite.A, on port 1034/tcp
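
A mail-gateway style triage check for the attachment characteristics listed above, as an added example that is not part of the PSEPC advisory. It flags attachments with the listed extensions and, going one step beyond the list, opens .zip attachments to look for member names with those extensions; the function names, sample message and file names are constructed for illustration, and an extension match is a reason to hold a message, not a detection of this worm.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions listed in the advisory (the .zip case is handled separately).
EXECUTABLE_EXTS = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr"}


def ext_of(name):
    """Return the lower-cased final extension of a file name ('' if none)."""
    name = (name or "").strip().lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def flag_attachments(raw_message):
    """Return (attachment name, reason) for each attachment worth holding."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ext_of(name)
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable extension " + ext))
        elif ext == ".zip":
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    inner = [n for n in zf.namelist() if ext_of(n) in EXECUTABLE_EXTS]
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip archive"))
                continue
            findings.extend((name, "zip contains " + n) for n in inner)
    return findings


def build_sample():
    """Constructed message: a zip holding a .scr name, a text file, a .PIF file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("example.org.scr", b"placeholder bytes, not malware")
    kind = {"maintype": "application", "subtype": "octet-stream"}
    msg.add_attachment(buf.getvalue(), filename="example.org.zip", **kind)
    msg.add_attachment(b"notes", filename="notes.txt", **kind)
    msg.add_attachment(b"placeholder", filename="update.PIF", **kind)
    return msg.as_bytes()
```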

Suggested Action
PSEPC recommends that you ensure your anti-virus detection software definitions are current.

Additional information about this worm is available at the following links:
http://vil.nai.com/vil/content/v_127033.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.M
http://www.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html

---

Note to Readers

Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyse threats and to issue alerts, advisories and other information products. To report threats or incidents, please contact the PSEPC operations coordination centre at (613) 991-7000 or opscen@ocipep-bpiepc.gc.ca by e-mail.

Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.

Links to sites not under the control of the Government of Canada (GoC) are provided solely for the convenience of users. The GoC is not responsible for the accuracy, currency or the reliability of the content. The GoC does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content.