NEWS FROM THE LAB - Thursday, February 17, 2005

Another Mydoom Posted by Mikko @ 04:53 GMT

Another new Mydoom is going around. We haven't received many reports about this...but then again, our antivirus detected this one as an earlier variant with no need to update.

So right now we're detecting this one as Email-Worm.Win32.Mydoom.m while others use names such as W32/Mydoom.bb@MM, W32/MyDoom-O, W32.Mydoom.AX@mm, Mydoom.AU, WORM_MYDOOM.BB. Oh well.

This variant installs a spammer proxy trojan detected as Backdoor.Win32.Surila.o. It downloads it from www.aoprojecteden.org. This site is being misused by the virus writers without the site owners permission.