Mydoom-S poses as funny photos

The latest member of the Mydoom family spreads through an e-mail claiming to contain funny photos, antivirus firms reported Monday.

A new member of the Mydoom family is spreading through an e-mail claiming to contain funny photos, opening backdoors attackers could use to gain remote control of infected machines. Several antivirus firms started to see W32.Mydoom-S in the wild early Monday morning.

In its advisory, Santa Clara, Calif.-based McAfee Inc. rated the worm as a medium risk. For the worm to strike, McAfee said victims must manually open the infected e-mail attachment. Once running, it harvests addresses from files with the following extensions: .adb, .asp, .dbx, .htm, .php, .pl, .sht, .tbb, .txt and .wab. The worm then sends itself to those addresses and attempts to install a backdoor.

"Companies should educate their users to practice safe computing. That includes never opening unsolicited e-mail attachments and discouraging the sending and receiving of joke files and funny photographs and screensavers," Graham Cluley, senior technology consultant for Lynnfield, Mass.-based Sophos, said in a statement. "This worm feeds on people's habit to willingly accept humorous content on their desktop computer, but they could be putting their entire company's data at risk."

Mydoom-S arrives in an e-mail with the following characteristics:

  • Subject line: photos
  • Message text: LOL!;))))
  • Attached file: photos_arc.exe

Helsinki, Finland-based F-Secure Corp. said the worm attempts to download an executable from four different URLs stored within its body; those URLs point to two different sites: www.richcolour.com and zenandjuice.com. It then copies itself as a "winpsd.exe" file to the Windows system directory and creates a startup key for the copied file in the Windows registry.

"All companies should consider blocking executable content from the outside world at the e-mail gateway," Cluley said.
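As an added illustration of the gateway blocking Cluley describes (example code written for this page, not from Sophos, McAfee or F-Secure), the following Python sketch inspects a raw message for executable attachments and for the subject and attachment name reported above. The extension list, function names and sample addresses are assumptions made for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy list of executable extensions (not taken from the article)
BLOCKED_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# Characteristics the article reports for Mydoom-S
MYDOOM_S = {"subject": "photos", "attachment": "photos_arc.exe"}


def inspect_message(raw: bytes) -> dict:
    """Return a block/allow verdict with reasons for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        # Test the final extension so "pic.jpg.exe" is still caught
        if name.endswith(BLOCKED_EXTS):
            reasons.append(f"executable extension: {name}")
        # Windows PE files start with "MZ"; catches renamed executables
        elif payload[:2] == b"MZ":
            reasons.append(f"PE header in: {name or '<unnamed>'}")
        if name == MYDOOM_S["attachment"] and subject == MYDOOM_S["subject"]:
            reasons.append("matches reported Mydoom-S subject and attachment")
    return {"block": bool(reasons), "reasons": reasons}


def build_sample(subject: str, body: str, filename: str, data: bytes) -> bytes:
    """Build a constructed test message; payload bytes are harmless filler."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # placeholder address
    m["To"] = "user@example.com"       # placeholder address
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [  # constructed samples
        build_sample("photos", "LOL!;))))", "photos_arc.exe", b"MZ-filler"),
        build_sample("trip", "see attached", "holiday.jpg", b"MZ-filler"),
        build_sample("notes", "minutes", "notes.txt", b"plain text"),
    ]
    for raw in samples:
        print(inspect_message(raw))
```

Checking the leading bytes as well as the file name means a renamed executable is still stopped, which a name-only rule would miss.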
