Win32:Mydoom-M

Hi All,

There is a new virus out there - Win32:Mydoom-M - and it seems that it has had a pretty hot start today - we are probably facing a large epidemic due to this beast. An avast! iAVS update was released some time ago - so please UPDATE :wink: !

Pavel

Thanks for the heads up Pavel :wink: , updating now.

–lee

Pretty hot start today

Am I missing something here? The virus is a week old. How come Alwil implemented it in the VPS just today? Can you please explain that, Pavel…

For everyone who wants to know a little more about the Mydoom-M:

Mydoom.M is a worm that installs a dynamic link library (DLL) that opens TCP port 1042 and listens on it, thus behaving as a backdoor. By doing so, it allows hackers to remotely access the affected computer in order to carry out actions that would compromise users' confidentiality or impede normal work.

In addition, the mentioned library will also end any active process containing specific text strings associated with antivirus programs and system monitoring tools. This leaves the affected computer vulnerable to attack by other malware.

Mydoom.M spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).
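As an added example (not part of the original posts), one way to check a host for the backdoor listener described above is to parse `netstat -ano` output for a TCP socket in LISTENING state on port 1042. The sample output is constructed and the function names are illustrative; a hit is a lead to investigate through the owning PID, not proof of infection.

```python
import re

BACKDOOR_PORT = 1042  # TCP port the post says the Mydoom.M DLL listens on

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1042           0.0.0.0:0              LISTENING       1508
  TCP    192.168.1.20:1042      203.0.113.7:25         ESTABLISHED     1720
  TCP    192.168.1.20:10421     203.0.113.9:80         ESTABLISHED     1720
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:1042           *:*                                    1100
"""

# One data row: protocol, local endpoint, remote endpoint, optional state, PID.
# UDP rows have no state column, so the state group is optional.
ROW = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def find_listeners(netstat_text, port=BACKDOOR_PORT):
    """Return (address, port, pid) for every TCP socket LISTENING on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match or match["proto"] != "TCP":
            continue  # headers, blank lines and UDP rows
        if match["state"] != "LISTENING":
            continue  # an outbound connection may reuse 1042 as its source port
        address, local_port = split_endpoint(match["local"])
        if local_port == port:  # exact match, so 10421 is not flagged
            hits.append((address, local_port, int(match["pid"])))
    return hits


if __name__ == "__main__":
    for address, port, pid in find_listeners(SAMPLE_NETSTAT):
        print(f"TCP listener on {address}:{port} owned by PID {pid}")
```
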

Nope. MyDoom.M is brand new (released today).

Yes, you are missing something ;D. This virus is quite new. There is (again!) a big naming mess between antivirus companies - but as far as I know most of them are calling it .M, while others call it .N, .O or even .R :(.

But for example Symantec or Trend call it .M and it is quite new - I would not bother you with some old virus ;).

Pavel

So it is the naming mess again that is starting confusion amongst the users :-
Dang, I wish someone would put a stop to that. I can pretty much follow it, but I hate to think about all those people who have less knowledge than me :cry:

A friend emailed me info on Win32:Mydoom-L. Is that old and M supersedes it?

MyDoom.L is just another variant of the MyDoom family. It doesn't grow old or get superseded by the next variant; even the old ones are a threat to unprotected/vulnerable systems.

Much of the advice in the email your friend sent is still valid and informative, but as AV companies and Microsoft close vulnerabilities or provide protection, so the virus writers modify their work to try and get around that protection.

A secondary threat from the latest incarnation of the Mydoom worm is being used to carry out a distributed denial of service attack against Microsoft's main website, microsoft.com, a senior anti-virus researcher says.

http://www.smh.com.au/articles/2004/07/28/1090694006478.html?oneclick=true

Symantec have a category 4 for the new Mydoom virus. Are many avast users here infected by the new Mydoom virus?