Scoop has an Ethical Paywall
Symantec Security Response 27 July 2004
Symantec Security Response - Tue, 27 July 2004
Symantec Security Response has identified a new variant of the Mydoom worm -- W32.Mydoom.M@mm. The worm was discovered today, July 26, and Symantec has upgraded this threat to a Level 4 (Level 5 being the most severe) due to increased submission rates.
At this time, Symantec has received a total of 728 submissions -- 129 of which are corporate submissions. Symantec's DeepSight Threat Analyst Team has also increased the ThreatCon to a Level 2 (Level 4 being the most severe). The Symantec ThreatCon provides a digital forecast of Internet activity, and a Level 2 rating signifies increased alertness.
W32.Mydoom.M@mm is a mass-mailing worm
that opens a back door -- Backdoor.Zincite.A -- on port
1034/tcp and uses its own SMTP engine to spread through
e-mail. If a machine becomes infected with W32.Mydoom.M@mm,
it will allow the attacker to have remote, unauthorized
access to the machine.
It will gather email addresses from files with .doc, .txt., .htm, and .html extensions. It will also query search.lycos.com, search.yahoo.com, www.altavista.com, and www.google.com to harvest additional e-mail addresses for possible distribution. When the worm finds an open Outlook window, it will attempt to send itself to the e-mail addresses it has found. This mass mailing may clog mail servers and downgrade system performance.
The worm's attachment will have a .cmd, .bat, .com, .exe, .pif, .scr, or .zip file extension, but the name of the attachment will vary. The From address will be spoofed, and the subject and body of the message will also vary (visit http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.ht ml for more details).
Symantec Security Response recommends that IT administrators filter attachments that are not on a list of approved types at the e-mail gateway and apply the Outlook E-mail Security Update (Q262631) in order to block user access to certain attachment types. This update will also notify the user of applications attempting to access the Outlook address book.
"As with past variants of Mydoom, both consumer and business computers can be affected by W32.Mydoom.M@mm," said Vincent Weafer, senior director, Symantec Security Response. "Due to its mass-mailing capabilities, W32.Mydoom.M@mm is spreading rapidly. In order to be fully protected, all users should take necessary steps to protect their systems, such as installing security patches, having up-to-date virus definitions, and refraining from opening attachments or suspicious e-mails."
ENDS
Business Canterbury: Urges Council To Cut Costs, Not Ambition For City
Wellington Airport: On Track For Net Zero Emissions By 2028
Landcare Research: ANZAC Gall Fly Release Promises Natural Solution To Weed Threat
NZ Anti-Vivisection Society: Auckland Rat Lovers Unite!
University of Canterbury: $1.35 Million Grant To Study Lion-like Jumping Spiders
Federated Farmers: Government Ends War On Farming
