The W32.Mydoom.F@mm worm:
- Is a mass-mailing worm that opens a backdoor on TCP port 1080
- Can download and execute arbitrary files
- Will perform a Denial of Service (DoS) against www.microsoft.com and www.riaa.com, if the computer's local system date is between the 17th and 22nd of any month.
- Sets up a backdoor in an infected system, by opening TCP port 1080. This could allow an attacker to connect to a computer and use it as a proxy to gain access to its network resources.
The worm arrives as an attachment with the file extension .bat, .com, .cmd, .exe, .pif, .scr, or .zip. The From:
line of the email may be spoofed.
Virus definitions released on February 25, 2004 contained an enhanced W32.Mydoom.F@mm detection. This update provides a supplemental detection of zip files in addition to the existing signatures.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.