The W32.Mydoom.L@mm mass-mailing worm:
- Uses its own SMTP engine to send itself to all the email addresses that it finds from an infected system.
The email has an attachment with a .bat, .cmd, .com, .exe, .pif, .scr, or .zip extension.
- The attachment name may contain a randomly selected domain, which was found on the sender's system. For example, the attachment name could contain fakedomain.com if the address firstname.lastname@example.org was harvested.
- Contains keylogging capabilities. The From field of the email is spoofed.
- Acts as a backdoor on infected systems.
- Is written in C++ and is packed with UPX.
Virus definitions 60719am (extended version July 19, 2004, rev. 39) and earlier, released on July 19, 2004, detect this threat as W32.Beagle.AF@mm.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.