oops W32 my own typo! :-) Everyone except Sophos is calling it "M"
latest MyDOOM search engine use Latest MyDoom search engine use (initial analysis. more details, and eventual corrections, will be posted as they become available) The latest version of MyDoom, which started arriving in peoples mail boxes in force today, uses search eninges to find more recipients for its message. Once the virus is started, it searched the users files for domain names. Once it spotted a domain name (e.g. '@example.com', or in 'www.example.com'), it will search various search engines for valid e-mail addresses within these domains. These search engines include Lycos, Google, Altavista, Yahoo and possibly others. Some of the search strings used: GET /default.asp?lpv=1&loc=searchhp&tab=web&query=e-mail+example.com Some search engines report performance issues. Antivirus vendors are currently publishing updated signature files. Please update ASAP. Infected machines can be identified by looking for excessive traffic to search engines and smtp traffic. Anti Virus Vendor Links: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.M http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127033 http://www.sophos.com/virusinfo/analyses/w32mydoomo.html http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] ====================================== Our Anti-spam solution works!! http://www.clickdoug.com/mailfilter.cfm For hosting solutions http://www.clickdoug.com http://www.forta.com/cf/isp/isp.cfm?isp_id=1069 ====================================== ----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 26, 2004 12:44 PM Subject: Re: [IMail Forum] FW: Returned mail: Data format error : : >I submitted it to Symantec who identifies it as W31-myDoom M : : W31? I always knew there was something wrong with Symantec... :) : : Seriously, though, I'm not sure why Symantec is calling it Mydoom.M instead : of Mydoom.O like the other AV vendors. In any case, it's a good thing that : they are now catching it. : : -Scott : --- : Declude JunkMail: The advanced anti-spam solution for IMail mailservers : since 2000. : Declude Virus: Ultra reliable virus detection and the leader in mailserver : vulnerability detection. : Find out what you've been missing: Ask for a free 30-day evaluation. : : --- : [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] : : : To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html : List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ : Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ : : To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
