The Ohio State University, Office of Information Technology, Technology Support Center (8help)

W32/Mydoom@MM Virus



W32/Mydoom@MM is a mass-mailing worm virus. Network Associates describes the message that contains the virus as follows:
    To: (harvested and/or ##generated)
    From: (spoofed)
    Subject: (Random)
    Body: (Varies, such as)

    * The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
    * The message contains Unicode characters and has been sent as a binary attachment.
    * Mail transaction failed. Partial message is available.

    Attachment: (varies [.exe, .pif, .cmd, .scr] - often arrives in a ZIP archive) (22,528 bytes)
Do not open the attached file. Delete the message and attachment immediately. If you have McAfee Virus Scan installed, you should update to the latest DAT files. This can be done through the Virus Scan Console, found by clicking Start, Programs, Network Associates and then the Virus Scan Console icon. From there, right-click on AutoUpdate and select "Start" (you will need to be connected to the Internet to do this). If you think your computer may be infected, double-click "Scan All Fixed Disks", then click the "Scan Now" button.

If you do not have anti-virus software installed, you can obtain McAfee Virus Scan from OSU SLS.

If you use anti-virus software other than McAfee Virus Scan, please see the manufacturer's web page for updates.

You should also be very cautious with unfamiliar attachments. Not opening them will protect you from the majority of viruses in existence. More information about the virus can be found at Network Associates. If you or anyone you know has been infected with W32/Mydoom@MM, McAfee's Stinger removal tool can detect and remove the infection.

##generated: One "twist" of this virus is that it does not just send mail to harvested e-mail addresses.
    Additionally, the worm contains strings, which it uses to randomly generate, or guess, addresses. These are prepended as user names to harvested domain names:

    sandra
    linda
    julie
    jimmy
    etc. (there are dozens more).
If you have a valid e-mail address in the format firstname@domain, it's possible you may be getting flooded with the virus as a result of this particular "twist".

A variant of W32/Mydoom@MM, W32/Mydoom.b@MM, has also been reported. The variant is almost identical to the original in appearance and behavior, but it also tries to rewrite the hosts file on an infected computer to prevent the computer from reaching the sites of known anti-virus vendors, as well as Microsoft update.
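
For mail administrators, the attachment description at the top of this advisory (extensions .exe, .pif, .cmd, .scr, often inside a ZIP archive) can be turned into a filtering check. The following Python code is an added example, not part of the original advisory or of any vendor tool; the function names and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the advisory lists for the worm's attachment.
RISKY_EXTENSIONS = (".exe", ".pif", ".cmd", ".scr")


def risky_names(filename, payload):
    """Return names with a listed extension: the attachment itself or ZIP members."""
    hits = []
    name = (filename or "").strip().lower()
    if name.endswith(RISKY_EXTENSIONS):
        hits.append(filename)
    elif name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                hits += [f"{filename}!{member}" for member in archive.namelist()
                         if member.lower().endswith(RISKY_EXTENSIONS)]
        except zipfile.BadZipFile:
            # An archive that cannot be inspected is reported, not passed.
            hits.append(f"{filename} (unreadable ZIP)")
    return hits


def scan_message(raw_bytes):
    """Parse a raw e-mail message and list the attachments worth quarantining."""
    message = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in message.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings += risky_names(part.get_filename(), payload)
    return findings


def build_sample(attachment_name, inner_name=None):
    """Constructed test message; the attachment holds harmless placeholder bytes."""
    message = EmailMessage()
    message["From"] = "sender@example.com"
    message["To"] = "recipient@example.com"
    message["Subject"] = "test"
    message.set_content("Mail transaction failed. Partial message is available.")
    data = b"placeholder"
    if inner_name:  # wrap the placeholder in a ZIP archive
        buffer = io.BytesIO()
        with zipfile.ZipFile(buffer, "w") as archive:
            archive.writestr(inner_name, data)
        data = buffer.getvalue()
    message.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return message.as_bytes()
```

The check keys on the file name only, so it also catches double extensions such as `message.txt.pif`, and it reports a ZIP it cannot open instead of letting it through.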

Current Record: 1607

Create Date: 01-26-2004
Last Reviewed: 04-29-2004

