Mydoom.bb spreading in the wild
Mydoom.bb spreading in the wild
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com

Free email newsletters




ADVERTISEMENT

Latest Mydoom mutant on the loose

Security experts raise risk assessment on Mydoom.bb

Robert Jaques, vnunet.com 17 Feb 2005
ADVERTISEMENT

Security experts have raised the risk assessment to medium on the recently discovered Mydoom.bb@MM worm, also known as Mydoom.bb, after receiving reports that the infection is spreading in the wild.

According to McAfee's Avert antivirus team, more than 50 reports of the virus being stopped or infecting users from the field have been recorded. Most of these reports have arrived from the US, though Avert has also received reports from Australia and the UK.

Mydoom.bb is similar to previous variants with a mass-mailing worm constructing messages using its own SMTP engine. It contains a peer-to-peer propagation routine and may be a .exe file. In common with other mutants it also downloads the BackDoor-CEB.f Trojan and spoofs the 'from' address.

Users are advised to be "very wary" and should most likely delete any email containing the following headers:

Delivered
Hello
Hi
Error
Status
Test
Report
Delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error

The virus constructs messages from pools of strings it carries in its body. After being executed, Mydoom.bb copies itself into the Windows System directory, and the worm installs itself as JAVA.EXE in the directory.

It will show Windows Explorer listening on TCP Port 1034, the port on which the web server runs. More information can be found here.

See also:

Trojan-based attacks on the wane as mass-mailers increase
Mass-mailers oust Trojans as main threat
The advice remains the same: do not click on attachments  02 Mar 2005
Virus displays nationalist slogan
'Deadcode' virus attempts political mischief
Malicious code infects executable files  16 Feb 2005
Vulnerability affects processing of PNG files
Virus warning hits Windows Media Player
Users urged to be careful when viewing PNG images  11 Feb 2005
Mobile devices the 'new frontier' for viruses
Mobile virus epidemic heading this way
Virus writers target handhelds, mobiles ... and your car  10 Feb 2005
David Emm
Bugwatch: The commercialisation of malware
Virus writers are waking up and smelling the money  04 Feb 2005
Security
Security
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Analyst Programmer - Applix TM1
Berkshire, Reading, United Kingdom | Foster Wheeler
Analyst Programmer - Applix TM1 -Competitive Salary - Reading Foster Wheeler is a leading international project management, engineering and construction organisation with global construction capabilities working on major projects within upstream oil & gas, midstream ... more >
System Support Officer
Brentwood, Essex, United Kingdom | NHS Blood & Transplant
System Support Officer - Brentwood - £20,225 - £26,123 The National Blood Service is an integral part of the NHS. Operating a network of centres across England and North Wales, we collect around 2 million ... more >
Become a Microsoft Systems Administrator. Click here for more information
United Kingdom | Advent Computer Training
Are you stuck in a dead end job? Do you want to take control of your salary, life and career? Advent IT and computer training offers advanced, professional training and helps you find the right ... more >
Technical Specialist Infrastructure
Welwyn Garden City, Hertfordshire, United Kingdom | Tesco.com
Technical Specialist Infrastructure - Welwyn Garden City Who's behind the world's most successful online retailer? Just over 10 years ago we started Tesco.com (aka Dotcom). Today, we've an incredible 750,000 active customers and sales at ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503