Sign In

The Mydoom Worm

Author
Time
Here's a letter I got from America Online. It's of equal importance no matter who your internet provider is.

Quote

"Am I Infected? I Keep Getting Messages From a Mailer-Daemon About An Undeliverable Message.

There are two versions of the Mydoom worm, and arrive attached to an e-mail. You are currently protected because AOL automatically scans all incoming e-mail attachments for both versions of the Mydoom worm. If AOL finds an e-mail with one of the worms, the e-mail is returned to the sender (without the worm) to warn the sender that his or her computer is infected.

Both versions of the Mydoom worm "spoof" or fake the sender's address when they send out copies of themselves to infect other computers. The worms use e-mail addresses they find on an infected computer to spoof the sender's e-mail address. Because your e-mail address was on an infected computer that the worm used to send itself out to someone (whom you may or may not know), you get the error message when a mail system rejects an e-mail because the address doesn't exist or it finds a worm or other virus attached to the e-mail.

Generally, these error messages come from "Mailer-Daemon." Just because you are getting these messages doesn't necessarily mean you are infected. Update your anti-virus software and scan your computer for maximum security.

WARNING: If you receive any messages about an undeliverable message that has a file attachment, do not download or execute the file. Simply delete the message.


How Can I Prevent Infection From the Mydoom Worms?

You are currently protected because AOL automatically scans all incoming e-mail attachments for both versions of the Mydoom worm. For maximum protection, however, you still need to be vigilant. The worms arrive attached to e-mails with random sender addresses and random subject lines and body text, or no subject line or body text at all. The name of the attachment is also random. Your computer cannot be infected with either version of the worm unless you download and execute the attached file.

To make sure you are protected, verify that the sender is someone you know and, if you didn't expect them to send you a file, check with them to verify that the e-mail is legitimate. If you receive an e-mail with an attached file from someone you don't know, or an e-mail from someone you know but they didn't send it, do not download the attachment. Simply delete the e-mail.

Finally, run a firewall on your computer. The firewall will notify you of data coming from the Internet that you didn't request, or if the data is coming from a source it doesn't recognize. If you are an AOL for Broadband member, you can download a firewall at AOL for Broadband -- Firewall.

Important: Only e-mail that is sent to an AOL e-mail address (e.g., ScreenName@aol.com) or e-mail from another AOL member is scanned for viruses. E-mail that is sent to any other e-mail account (such as your work e-mail account) is not automatically protected by AOL. You must run anti-virus software to ensure your computer is protected from known viruses. If you don't have anti-virus software, you can subscribe to McAfee VirusScan Online -- Brought to you by AOL and get the latest updates every time you log on to AOL.

Both versions of the Mydoom worm are mass mailing worms that only affect computers running Windows. They cannot infect Apple computers. 


How Do I Know If I Have Been Infected?

If you don't downloaded e-mail attachments or execute programs without verifying their legitimacy, or use Kazaa (a popular file-sharing program), you should not be infected. If you or someone using your computer executed or might have executed a program received in an e-mail recently, or uses Kazaa, you should update your anti-virus software and scan your computer for viruses, worms and Trojan horses.
 
If you don't have anti-virus software, you can subscribe to McAfee VirusScan Online -- Brought to you by AOL and get the latest updates every time you log on to AOL.


What Do the Mydoom Worms Do?

First, the Mydoom worms install themselves on your computer and alter your Windows startup files to have themselves installed every time you start your computer. After installing themselves on your computer, the Mydoom worms send a copy of themselves to e-mail addresses they find on your computer.

The second version of the Mydoom worm will also scan the Internet for computers that are infected with the original version of the worm, using your computer and your connection to the Internet. If it finds an infected computer, it will delete the original version of the worm and install itself.

Both versions of the worms also install a backdoor program that allows someone to remotely control your computer or have your computer automatically download and execute a malicious program. This program is also set up to start every time you start your computer.

A third file is only created if you use Kazaa, a popular file sharing program. A copy of the worm itself, with a randomly generated name, is placed in your Kazaa shared folder. In other words, you assist in spreading the worm to other computers.

The second version of the Mydoom worm alters a critical operating system file on your computer to prevent you from updating your anti-virus software and Windows operating system. If you subscribe to McAfee VirusScan Online -- Brought to you by AOL, your anti-virus protection will be updated when you log on AOL, even if you are infected with the worm.

Finally, beginning Feb. 1, 2004 and lasting through Feb. 12, 2004, the earlier version of Mydoom will use your computer to launch a denial-of-service (DOS) attack against a business Web site owned by the SCO Group. Beginning the same day but not ending until March 1, the second version of the worm will use your computer to launch a DOS attack against the SCO Web site and Microsoft's Web site.


Where Can I Find More Information About The Mydoom Worms?
 
AOL's anti-virus partner, McAfee, has more information on the W32/Mydoom @ MM worm and the new variant, W32/Mydoom.b @ MM.

How Can I Protect Myself From Other Viruses, Worms, and Trojan Horses?
 
The most important steps you can take are to install anti-virus software and a firewall. 

Remember, however, anti-virus software must be kept up-to-date to be effective. The instructions on how to update your definitions should be included with the anti-virus software and be available on the software vendor's Web site. For more information, see AOL Keyword: Security. 

If you don't have anti-virus software, you can subscribe to McAfee VirusScan Online -- Brought to you by AOL and get the latest updates every time you log on to AOL.

A firewall will protect you from viruses that scan networks for vulnerable computers. Installation and configuration instructions should be included with the firewall software and be available on the firewall vendor's Web site. For more information, see AOL Keyword: Security. 

If you are an AOL for Broadband member, you can download a firewall at AOL for Broadband -- Firewall.
"
"May the force be with you!"
Author
Time
here's the bastard...

mydoom
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
true... one of the good things of having a mac.
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
I hate viruses. I just delete emails from people I don't know or if they have iffy-looking attachments.

Princess Leia: I happen to like nice men.
Han Solo: I'm a nice man.

Author
Time
dont worry if macs keep on becomeing more popular as they are, hackers will start to make viruses for macs too.
Author
Time
yeah, i delete them as well... pretty much without thinking.
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
only e-amisl that are on my contact list or on my safe list gets sent to me the rest go to the junk mail folder.
Author
Time
Quote

e-amisl


eLECTRONIC-amisH lETTERS...
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
e-mail* not amisl
which is very close to my real name
Author
Time
youre name is very close to email? cool!
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
your name is amith?
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
Quote

Originally posted by: PSYCHO_DAYV
THANKFULLY MAC USERS DON'T HAVE TO WORRY ABOUT EMAIL VIRUSES FOR THE MOST PART AS THEY ARE PRIMARILY AIMED AT pc USERS. THE ATTACHMENTS ARE TYPICALLY .EXE FILES WHICH MAC ARE UNABLE TO USE.



It is a beautiful thing.
"You fell victim to one of the classic blunders, the most famous of which is 'Never get involved in a land war in Asia'."
--Vizzini (Wallace Shawn), The Princess Bride
-------------------------
Kevin A
Webmaster/Primary Cynic
kapgar.typepad.com
kapgar.com
Author
Time
i bet it is.
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
There really isn't much purpose in creating Mac-based viruses, worms, etc. because virus creators want their creation to get out to the largest number of people in the smallest amount of time. One of the reasons I'm glad Macs haven't become too popular. Then Mac viruses might become a problem. I'm sure there are a few out there. But you don't hear about them too often.
"You fell victim to one of the classic blunders, the most famous of which is 'Never get involved in a land war in Asia'."
--Vizzini (Wallace Shawn), The Princess Bride
-------------------------
Kevin A
Webmaster/Primary Cynic
kapgar.typepad.com
kapgar.com
Author
Time
well, if macs get popular, which is some time off i know but... , then there would be true.
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
Quote

Originally posted by: Bossk
Quote

Originally posted by: PSYCHO_DAYV
THANKFULLY MAC USERS DON'T HAVE TO WORRY ABOUT EMAIL VIRUSES FOR THE MOST PART AS THEY ARE PRIMARILY AIMED AT pc USERS. THE ATTACHMENTS ARE TYPICALLY .EXE FILES WHICH MAC ARE UNABLE TO USE.



It is a beautiful thing.


YES IT IS.

"I'VE GROWN TIRED OF ASKING, SO THIS WILL BE THE LAST TIME..."
The Mangler Bros. Psycho Dayv Armchaireviews Notes on Suicide

Author
Time
sean, go to symantec.com there is a guide how to remove it.
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
dayv... focus!
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)
Author
Time
Quote

Originally posted by: PSYCHO_DAYV
I'VE FOUND THAT A NICE WARM BOWL OF SOUP AND A COOL COMPRESS ON THE FOREHEAD DO WONDERS FOR VIRUSES.


A good exercise regime will do wonders as far as prevention, too.
"May the force be with you!"
Author
Time
yes, try and stay as fit as possible...
"The ability to speak does not make you intelligent."
Qui-Gon Jinn (R.I.P.)