MyDoom Virus Spreading Via Email

Date:
January 27, 2004

Severity:
High

Systems Affected:
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Overview:
This mass-mailing virus composes its messages by choosing from a list of email subjects, message bodies, and attachment file names. Once executed, the virus spoofs the sender name of its messages so that they appear to have been sent by different users rather than by the actual users of the infected machines. Upon infecting a computer, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which could allow an attacker to connect to the computer and gain access to its network resources. The backdoor could also allow for the download and execution of arbitrary files.

According to MessageLabs Inc., which scans email for viruses, one in every twelve messages sent over the Internet on January 27th contained the virus, called "Mydoom" or "Novarg." Because of the enormity of this mass email infection, every Windows machine that possesses email capability is vulnerable.

Detection:
Please use an antivirus tool of your choice. The most effective way to identify affected systems is to scan using eEye’s Retina Network Security Scanner, or the free Retina MyDoom scanning utility, which was made available today at:
http://www.eeye.com/html/Research/Tools/MyDoom.html
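
A local check for the backdoor port range named in the Overview, as an added example (not part of this alert or of eEye's tools): it parses Windows `netstat -an` output (or `-ano`, which adds the PID column) and reports TCP listeners on ports 3127 through 3198. The function names and the sample output are constructed for illustration.

```python
import re

# Backdoor port range stated in the alert's Overview (TCP 3127 through 3198).
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of `netstat -ano` output (documentation addresses only).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1480
  TCP    192.0.2.10:3150        198.51.100.7:80        ESTABLISHED     2212
  TCP    192.0.2.10:1045        198.51.100.9:3127      ESTABLISHED     2212
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       1500
  TCP    [::]:3198              [::]:0                 LISTENING       1480
  UDP    0.0.0.0:3130           *:*                                    1480
"""

# One TCP row: protocol, local endpoint, remote endpoint, state, optional PID.
_ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"\s+(?P<state>[A-Z_]+)(?:\s+(?P<pid>\d+))?\s*$"
)

def _port(endpoint):
    """Return the port of 'addr:port' (also '[::]:port'), or None."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None

def find_backdoor_listeners(netstat_text):
    """Return one dict per TCP socket LISTENING on a port in the backdoor range.

    Only LISTENING rows count: an ordinary outbound connection can be given
    a local port inside 3127-3198, so ESTABLISHED rows would be false
    positives, and rows where only the remote port matches are ignored.
    """
    findings = []
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if not m or m.group("state") != "LISTENING":
            continue
        port = _port(m.group("local"))
        if port is not None and port in BACKDOOR_PORTS:
            findings.append({"port": port, "local": m.group("local"), "pid": m.group("pid")})
    return findings

if __name__ == "__main__":
    for f in find_backdoor_listeners(SAMPLE_NETSTAT):
        print("listener on backdoor-range port", f["port"], "pid", f["pid"])
```

A listener in this range is a lead to follow up with an antivirus scan, not proof of infection on its own.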

Removal:
To access the Microsoft Antivirus Alert, visit
http://www.microsoft.com/security/antivirus/mydoom.asp

Prevention:
Retina Network Security Scanner has been updated to check for the email virus and its variants. These checks are included in Retina 4.9.155 and higher. The following is the related vulnerability check:

MIMAIL.R Virus Detected


This alert was last updated on January 27, 2004.