W32.Mydoom.F@mm

The W32.Mydoom.F@mm worm:

• Is a mass-mailing worm that opens a backdoor on TCP port 1080
• Can download and execute arbitrary files
• Will perform a Denial of Service (DoS) against www.microsoft.com and www.riaa.com, if the computer's local system date is between the 17th and 22nd of any month.
• Sets up a backdoor in an infected system, by opening TCP port 1080. This could allow an attacker to connect to a computer and use it as a proxy to gain access to its network resources.

The worm arrives as an attachment with the file extension .bat, .com, .cmd, .exe, .pif, .scr, or .zip. The From: line of the email may be spoofed.




Virus definitions released on February 25, 2004 contained an enhanced W32.Mydoom.F@mm detection. This update provides a supplemental detection of zip files in addition to the existing signatures.

Protection

• Initial Rapid Release version February 23, 2004
• Latest Rapid Release version March 10, 2009 revision 056
• Initial Daily Certified version February 23, 2004
• Latest Daily Certified version March 11, 2009 revision 003
• Initial Weekly Certified release date February 23, 2004

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Medium
• Number of Infections: 50 - 999
• Number of Sites: More than 10
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: High