Mydoom-S poses as funny photos
By Bill Brenner, News Writer
17 Aug 2004 | SearchSecurity.com
A new member of the Mydoom family is spreading through an e-mail claiming to contain funny photos, opening backdoors attackers could use to gain remote control of infected machines. Several antivirus firms started to see W32.Mydoom-S in the wild early Monday morning.
In its advisory, Santa Clara, Calif.-based McAfee Inc. rated the worm as a medium risk. For the worm to strike, McAfee said victims must manually open the infected e-mail attachment. Once running, it harvests addresses from files with the following extensions: .adb, .asp, .dbx, .htm, .php, .pl, .sht, .tbb, .txt and .wab. The worm then sends itself to those addresses and attempts to install a backdoor.
"Companies should educate their users to practice safe computing. That includes never opening unsolicited e-mail attachments and discouraging the sending and receiving of joke files and funny photographs and screensavers," Graham Cluley, senior technology consultant for Lynnfield, Mass.-based Sophos, said in a statement. "This worm feeds on people's habit to willingly accept humorous content on their desktop computer, but they could be putting their entire company's data at risk."
Mydoom-S arrives in an e-mail with the following characteristics:
- Subject line: photos
- Message text: LOL!;))))
- Attached file: photos_arc.exe
Helsinki, Finland-based F-Secure Corp. said the worm will attempt to download an executable from four different URLs stored within its body and that those URLs point to two different sites: www.richcolour.com and zenandjuice.com. It then copies itself as a "winpsd.exe" file to the Windows system directory and creates a startup key for the copied file in the Windows registry.
"All companies should consider blocking executable content from the outside world at the e-mail gateway," Cluley said.
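
The gateway check recommended above can be illustrated with a short Python filter. This is an added example, not code from the article, McAfee, Sophos or F-Secure. It parses a raw message, quarantines executable attachments, and also flags the subject, text and attachment name reported for Mydoom-S. The blocked-extension list beyond .exe, the function names and the sample messages are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Message characteristics reported in the article for Mydoom-S.
MYDOOM_S = {"subject": "photos", "body": "LOL!;))))", "attachment": "photos_arc.exe"}
# Assumption: extensions this hypothetical gateway treats as executable content.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def inspect_message(raw_bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # Collect attachment names from every MIME part, normalised for comparison.
    names = [p.get_filename().strip().lower() for p in msg.walk() if p.get_filename()]
    for name in names:
        # endswith() also catches double extensions such as "report.pdf.exe".
        if name.endswith(BLOCKED_EXTENSIONS):
            reasons.append(f"executable attachment: {name}")
    subject = (msg["Subject"] or "").strip().lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().strip() if body_part else ""
    if (subject == MYDOOM_S["subject"] and MYDOOM_S["body"] in body
            and MYDOOM_S["attachment"] in names):
        reasons.append("matches reported Mydoom-S subject, text and attachment name")
    return ("quarantine" if reasons else "deliver"), reasons


def build_sample(subject, text, attachment_name=None):
    """Constructed test message; the attachment payload is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(text)
    if attachment_name:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    for args in [("photos", "LOL!;))))", "photos_arc.exe"),
                 ("photos", "Pictures from the trip.", "beach.jpg")]:
        print(args[2], "->", inspect_message(build_sample(*args)))
```

Matching on extension alone is a policy decision rather than a signature: it quarantines the attachment type regardless of which worm variant sent it, which is why it still applies when the subject line or file name changes.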