Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Virus alert: Network Associates McAfee Avert places high risk outbreak assessment on new W32/MYDOOM@MM worm

  • 27 January, 2004 17:53

<p>Sydney, Jan. 27, 2004 — Network Associates, the leading provider of intrusion prevention solutions, today announced that McAfee AVERT (Anti-Virus Emergency Response Team), the world-class anti-virus research division of Network Associates, assigned a high risk outbreak assessment to the recently discovered W32/Mydoom@mm, also known as Mydoom. Mydoom is a destructive worm that spreads via email as a binary attachment—making itself appear as if the attachment is a text file. The discovery of the virus was announced today by McAfee AVERT and has been found in as many as 25 companies and seen throughout Asia Pacific, Canada, Europe, Japan, Latin America and the United States.</p>
<p>Symptoms</p>
<p>Mydoom is an Internet worm that, once activated, opens Windows Notepad and fills it with nonsense characters. The worm then tries to spread via email and by copying itself to the shared directory for Kazaa clients, if they are present. Users should immediately delete any email containing the following:</p>
<p>From: (Spoofed)</p>
<p>Subject: (Random)</p>
<p>Body of email: (Varies)</p>
<p>Attachment: Varies, but often arrives as an .EXE, .PIF, .CMD or .SCR in a ZIP archive that is 22,528 bytes</p>
<p>Pathology</p>
<p>After being executed, Mydoom emails itself out as an attachment with the filenames c:\Program Files\KaZaA\My Shared Folder\activation_crack.scr, c:\WINDOWS\Desktop\Document.scr and c:\WINDOWS\SYSTEM\taskmon.exe. The icon used by the file tries to make it appear as if the attachment is a text file. Mydoom also uses a DLL that it creates in the Windows System directory c:\WINDOWS\SYSTEM\shimgapi.dll. It then creates a registry entry to hook Windows startup at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "TaskMon" = %SysDir%\taskmon.exe. Mydoom opens a connection on TCP port 3127, suggesting remote access capabilities.</p>
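<p>The indicators in the paragraph above can be checked against a host snapshot. The following is an added example, not part of the Network Associates release or any McAfee tool: it matches a file listing, `reg query` output for the Run key and `netstat -an` output against the listed paths, the "TaskMon" value and a listener on TCP port 3127. The function names, the sample snapshot and the assumption that %SysDir% resolves to c:\WINDOWS\SYSTEM are constructed for illustration.</p>

```python
import re

# Indicators as listed in the release's Pathology paragraph (lower-cased).
IOC_FILES = {
    r"c:\program files\kazaa\my shared folder\activation_crack.scr",
    r"c:\windows\desktop\document.scr",
    r"c:\windows\system\taskmon.exe",
    r"c:\windows\system\shimgapi.dll",
}
IOC_PORT = 3127

def norm(path):
    """Windows paths are case-insensitive: trim, unquote and lower-case."""
    return path.strip().strip('"').replace("/", "\\").lower()

def triage(files, reg_run, netstat, sysdir=r"c:\windows\system"):
    """Return sorted (kind, detail) findings for one host snapshot.
    sysdir stands in for the release's %SysDir% (assumed default)."""
    found, sysdir = set(), norm(sysdir)
    for line in files.splitlines():
        if norm(line) in IOC_FILES:
            found.add(("file", norm(line)))
    # `reg query` value lines: <name>  REG_SZ  <data>
    for m in re.finditer(r"^[ \t]+(\S+)[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(.+)$", reg_run, re.M):
        data = norm(m.group(2))
        # Match name AND full path: a taskmon.exe elsewhere is not this indicator.
        if m.group(1).lower() == "taskmon" and data == sysdir + r"\taskmon.exe":
            found.add(("run_key", data))
    # `netstat -an` lines: TCP <local addr:port> <remote addr:port> LISTENING
    for m in re.finditer(r"^[ \t]*TCP[ \t]+\S+:(\d+)[ \t]+\S+[ \t]+LISTENING", netstat, re.M):
        if int(m.group(1)) == IOC_PORT:
            found.add(("listener", "tcp/%d" % IOC_PORT))
    return sorted(found)

# Constructed sample snapshot (not captured from a real host).
SAMPLE_FILES = r"""C:\WINDOWS\notepad.exe
C:\WINDOWS\SYSTEM\shimgapi.dll
C:\WINDOWS\SYSTEM\TASKMON.EXE"""
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ScanRegistry    REG_SZ    C:\WINDOWS\scanregw.exe /autorun
    TaskMon    REG_SZ    C:\WINDOWS\SYSTEM\taskmon.exe"""
SAMPLE_NETSTAT = """  TCP    0.0.0.0:135     0.0.0.0:0       LISTENING
  TCP    0.0.0.0:3127    0.0.0.0:0       LISTENING
  TCP    10.0.0.5:1031   10.0.0.9:3127   ESTABLISHED"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_FILES, SAMPLE_REG, SAMPLE_NETSTAT):
        print(kind, detail)
```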
<p>Cure</p>
<p>Immediate information and cure for this virus can be found online at the Network Associates McAfee AVERT site located at http://vil.nai.com/vil/content/v_100983.htm. Users of McAfee Security anti-virus products should update their systems from that page.</p>
<p>Network Associates McAfee Protection-in-Depth Strategy delivers the industry’s only complete set of system and network protection solutions differentiated by intrusion prevention technology that can detect and block these types of attacks. This allows customers to protect themselves while they plan their patch deployment strategy.</p>
<p>AVERT Labs is one of the top-ranked anti-virus research organizations in the world, employing more than 90 researchers in offices on five continents. AVERT protects customers by providing cures that are developed through the combined efforts of AVERT researchers and AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.</p>
<p>About Network Associates</p>
<p>With headquarters in Santa Clara, California, Network Associates, Inc. (NYSE: NET) creates best-of-breed computer security solutions that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats. Offering two families of products, McAfee System Protection Solutions, securing desktops and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate network, Network Associates offers computer security to large enterprises, governments, small and medium sized businesses, and consumers. For more information, Network Associates can be reached on the Internet at http://www.networkassociates.com/.</p>
<p># # #</p>
<p>NOTE: Network Associates, McAfee, AVERT and Sniffer are either registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. ©2004 Networks Associates Technology, Inc. All Rights Reserved.</p>
