2/21: MyDoom-BE Worm Harvests Addresses
Published by: webmaster 2008-07-25

W32/Mydoom.be@MM is a variant of W32/Mydoom that is similar to previous variants. It bears the following characteristics:

  • mass-mailing worm constructing messages using its own SMTP engine
  • harvests email addresses from the victim machine
  • spoofs the From: address
  • downloads the BackDoor-CEB.f trojan

    From: (spoofed From: header)
    Do not assume that the sender address is an indication that the sender is infected.

    Additionally, you may receive alert messages from a mail server stating that you are infected, which may not be the case.

    The From: address may be spoofed with a harvested email address. Additionally, it may be constructed so as to appear as a bounce, using the following addresses:

  • mailer-daemon@(target_domain)
  • noreply@(target_domain)
  • postmaster@(target_domain)

    The following display names are used in this case:

  • Postmaster
  • Mail Administrator
  • Automatic Email Delivery Software
  • Post Office
  • The Post Office
  • Bounced mail
  • Returned mail
  • MAILER-DAEMON
  • Mail Delivery Subsystem

    Subject:
    The following subjects are used:

  • hello
  • hi
  • error
  • status
  • test
  • report
  • delivery failed
  • Message could not be delivered
  • Mail System Error - Returned Mail
  • Delivery reports about your e-mail
  • Returned mail: see transcript for details
  • Returned mail: Data format error

    Body:
    The virus constructs messages from pools of strings it carries in its body.

    Attachment:
    The attachment may be an executable file with one of the following extensions:

  • EXE
  • COM
  • SCR
  • PIF
  • BAT
  • CMD

    It may also be a copy of the worm within a ZIP file (may be doubly ZIPped). In this case the extension is:

  • ZIP
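
    The sender and attachment traits listed above can be combined into a mail-filter check. The Python below is an added example, not part of the original advisory or of any vendor tool; the function names, the 5 MB cap on nested archives and the example.com sample message are assumptions made for illustration.

```python
import contextlib, io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

BOUNCE_LOCAL = {"mailer-daemon", "noreply", "postmaster"}  # lists copied from the advisory
BOUNCE_NAMES = {"postmaster", "mail administrator", "automatic email delivery software",
                "post office", "the post office", "bounced mail", "returned mail",
                "mailer-daemon", "mail delivery subsystem"}
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def zip_has_executable(data, depth=0):
    """True if a ZIP, or a ZIP nested one level inside it, lists an executable name."""
    with contextlib.suppress(zipfile.BadZipFile, RuntimeError, NotImplementedError):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:  # unreadable archives yield False
            for info in zf.infolist():
                kind = os.path.splitext(info.filename)[1].lower()
                inner = kind == ".zip" and depth < 1 and info.file_size <= 5_000_000  # assumed cap
                if kind in EXEC_EXT or (inner and zip_has_executable(zf.read(info), depth + 1)):
                    return True
    return False

def indicators(raw_bytes):
    """Return the advisory traits matched by one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    hits = set()
    if addr.split("@")[0].lower() in BOUNCE_LOCAL or name.lower() in BOUNCE_NAMES:
        hits.add("bounce-style-sender")
    for part in msg.iter_attachments():
        kind = os.path.splitext(part.get_filename() or "")[1].lower()
        if kind in EXEC_EXT:
            hits.add("executable-attachment")
        elif kind == ".zip" and zip_has_executable(part.get_payload(decode=True)):
            hits.add("zipped-executable")
    return hits

def sample_message():
    """Constructed sample: bounce-style sender with an inert, doubly zipped .scr name."""
    def zipped(name, data):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        return buf.getvalue()
    m = EmailMessage()
    m["From"] = '"Mail Delivery Subsystem" <postmaster@example.com>'
    m.set_content("constructed body text")
    m.add_attachment(zipped("a.zip", zipped("doc.scr", b"inert placeholder")),
                     maintype="application", subtype="zip", filename="message.zip")
    return m.as_bytes()
```

    Legitimate delivery failure notices use these same sender values, so the sender trait is only meaningful when it appears together with one of the attachment traits.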

    More information can be found at this McAfee page.



