Mydoom-S poses as funny photos

The latest member of the Mydoom family spreads through an e-mail claiming to contain funny photos, antivirus firms reported Monday.

A new member of the Mydoom family is spreading through an e-mail claiming to contain funny photos, opening backdoors attackers could use to gain remote control of infected machines. Several antivirus firms started to see W32.Mydoom-S in the wild early Monday morning.

In its advisory, Santa Clara, Calif.-based McAfee Inc. rated the worm as a medium risk. For the worm to strike, McAfee said victims must manually open the infected e-mail attachment. Once running, it harvests addresses from files with the following extensions: .adb, .asp, .dbx, .htm, .php, .pl, .sht, .tbb, .txt and .wab. The worm then sends itself to those addresses and attempts to install a backdoor.

"Companies should educate their users to practice safe computing. That includes never opening unsolicited e-mail attachments and discouraging the sending and receiving of joke files and funny photographs and screensavers," Graham Cluley, senior technology consultant for Lynnfield, Mass.-based Sophos, said in a statement. "This worm feeds on people's habit to willingly accept humorous content on their desktop computer, but they could be putting their entire company's data at risk."

Mydoom-S arrives in an e-mail with the following characteristics:

  • Subject line: photos
  • Message text: LOL!;))))
  • Attached file: photos_arc.exe

Helsinki, Finland-based F-Secure Corp. said the worm will attempt to download an executable from four different URLs stored within its body and that such URLs point to two different sites: and It then copies itself as a "winpsd.exe" file to the Windows system directory and creates a startup key for the copied file in Windows registry.

"All companies should consider blocking executable content from the outside world at the e-mail gateway," Cluley said.
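A minimal sketch of the gateway check Cluley recommends, added here as an illustration; it is not code from the article, Sophos or any antivirus vendor. The function names and the extension list are assumptions, and the sample message is constructed from the subject, body text and attachment name reported above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable content; this list is an assumption, tune it per site policy.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def blocked_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the gateway should reject."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        # Only the final extension counts, so "a.jpg.exe" is judged as ".exe".
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in BLOCKED_EXT:
            hits.append((name, "executable extension"))
        elif payload[:2] == b"MZ":
            # DOS/PE header: catches an executable renamed to a harmless extension.
            hits.append((name, "MZ header"))
    return hits

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message using the subject and body text reported for Mydoom-S."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "photos"
    m.set_content("LOL!;))))")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_pe = b"MZ" + b"\x00" * 62  # constructed stub bytes, not real malware
    samples = [("photos_arc.exe", fake_pe), ("photos.jpg", fake_pe), ("notes.txt", b"hello")]
    for fname, data in samples:
        print(fname, blocked_attachments(build_sample(fname, data)))
```

Checking the decoded payload as well as the filename matters because a block list keyed only on extensions is bypassed by renaming the attachment.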
