NEWS FROM THE LAB - Friday, September 3, 2004

New variant of Mydoom has been found Posted by Alexey @ 14:30 GMT

Today we got a sample of a new Mydoom worm variant. This variant is detected as 'W32/Mydoom.T@mm' and as 'I-Worm.Mydoom.gen' with the latest FSAV updates (2004-09-03_02). The worm is similar to previous variants. It spreads in e-mails with different subject and body texts, to Kazaa P2P (peer-to-peer) file sharing network and also drops a backdoor component that listens on port 5422. Additionally the worm can perform a DDoS (Distributed Denial of Service) attack against Microsoft's website.