
Destructive variant of Mydoom loose

  • 26-02-2004 1:10pm
    #1
    Registered Users, Registered Users 2 Posts: 5,513 ✭✭✭


    A new variant of the MyDoom worm, Mydoom.F, was found on February 20th, 2004.

    It is functionally similar to the original variant but it does not attack www.sco.com. Mydoom.F tries to perform a Distributed Denial-of-Service attack on www.microsoft.com and also www.riaa.com.

    In addition to the Distributed Denial-of-Service attack the worm tries to delete several file types from the victim's hard drive such as pictures, movies and MS Office documents.

    The worm's code in charge of that is the same that harvests e-mail addresses. It will check every drive from 'C' to 'Z', and for each of the folders on those, it will go through each file, performing the following actions:


    When copying itself, the worm will overwrite part of its executable with random data. Starting from 28000 bytes from its beginning it will write a 1 kB chunk of random data, making the file seem variable.

    Some of the strings are scrambled using the same method as in the original Mydoom, ROT13.

    It will add an entry in the registry in:


    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]


    or, if that fails, in


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]


    containing:


    <random string> = %sysdir%\<random string>.exe
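
Added example, not part of the original post: a triage pass over `reg query` output for the two Run keys named above, listing entries that launch an `.exe` sitting directly in the system directory. The sample output is constructed, and treating the value name and the file name as the same random string is an assumption, not something the post states.

```python
import re
from ntpath import basename, dirname, splitext

# Constructed sample of `reg query` output (not taken from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    qkzvbtra    REG_SZ    C:\WINDOWS\system32\qkzvbtra.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_EXPAND_SZ    %APPDATA%\Updater\up.exe
"""

# One indented value line: name, registry type, data.
VALUE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.+)$")
# Executable path at the start of the data, with or without quotes.
EXE = re.compile(r'^"?(?P<path>[^"]+?\.exe)\b', re.I)
# What %sysdir% resolves to on NT-based and 9x Windows respectively.
SYSDIRS = ("system32", "system")


def triage_run_keys(reg_output):
    """Return Run entries that launch an .exe located directly in the system directory."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE.match(line)
        exe = EXE.match(m.group("data")) if m else None
        if not exe:
            continue
        path = exe.group("path")
        if basename(dirname(path)).lower() not in SYSDIRS:
            continue
        stem = splitext(basename(path))[0]
        findings.append({
            "key": key, "name": m.group("name"), "path": path,
            # Assumption: value name and file name are the same random string.
            "name_matches_file": m.group("name").lower() == stem.lower(),
        })
    return findings


if __name__ == "__main__":
    for finding in triage_run_keys(SAMPLE):
        print(finding)
```

Legitimate software also starts from the system directory, so every hit needs a manual look; `name_matches_file` only orders the list.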


Comments

  • Closed Accounts Posts: 13,992 ✭✭✭✭gurramok


    Yep.
    It caused havoc in work, infected about 150 PCs and 4 servers, it deleted a lot of data last Tuesday 24th and only now has been fully controlled.
    (anti-virus update on PC is useless without ppl running the virusscan, auto-detect didn't help :))


  • Closed Accounts Posts: 2,393 ✭✭✭Eurorunner


    Autoprotect on Nortons has picked up the following in my inbox three times today:
    W32.Netsky.D@mm


    According to the Symantec security response, I would have received this from people who had my email address in their mailing list. Who the hell are these three people? :ninja:

