can confim that too
Mydoom is the name. close tcp port 3127 on client side (they who are already infected) will help...
Rog
Michel Renfer schrieb:
Hi All
We see more and more blocked emails in our antivirus deamon for this type of virus:
Antivirus Nachricht(en): infected with Win32.HLLM.MyDoom.32768
Seems to be a very bad one...
[EMAIL PROTECTED] is a mass-mailing worm. The worm will arrive as an attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip.
When the machine gets infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This will potentially allow a hacker to connect to the machine and utilize it as a proxy to gain access to it's network resources. In addition, the backdoor has the ability to download and execute arbitrary files.
The worm will perform a DoS starting on February 1, 2004. On February 12, 2004 the worm has a trigger date to stop spreading.
regards, michel ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
