New Mydoom virus is not a pretty picture

W32/Mydoom.s@MM, also known as Mydoom.s, has emerged as a new variant of the mass-mailing worm, and arrives as an .exe attachment named “photos_arc.exe”.

McAfee’s Avert antivirus team warned that it has received ‘well over 100 reports’ of the virus within a three-hour span, most of the reports arriving from Japan and Europe.

Like previous versions of the infection, Mydoom.s is a mass-mailing program that can automatically construct its own outgoing messages with spoofed “From” fields to hide the origin of its email.

The worm’s payload comes as an .exe file with a single name, photos_arc.exe, which differs from many of the other Mydoom variants that tend to use multiple extensions.

Users should be very wary of email containing the following:

From: (spoofed From: header)
Subject: photos
Body: LOL!;))))
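
A mail gateway can match these indicators on the parsed message rather than on raw text. The sketch below is an added example, not code from McAfee or Sophos; the function names, the quarantine rule (attachment name alone, or subject and body together) and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators as reported in the article. The From: header is spoofed,
# so it carries no signal and is deliberately not matched.
SUBJECT = "photos"
BODY = "LOL!;))))"
ATTACHMENT = "photos_arc.exe"

def mydoom_s_indicators(raw: bytes) -> set:
    """Return which of the article's indicators appear in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    if str(msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() decodes the MIME filename parameter.
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT:
            hits.add("attachment")
        elif not name and part.get_content_type() == "text/plain":
            if part.get_content().strip() == BODY:
                hits.add("body")
    return hits

def should_quarantine(raw: bytes) -> bool:
    """Assumed policy: the attachment name alone is enough; a subject or
    body match alone is not, because 'photos' is a common subject."""
    hits = mydoom_s_indicators(raw)
    return "attachment" in hits or {"subject", "body"} <= hits

def build_sample(subject: str, body: str, filename: str = "") -> bytes:
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"   # constructed address
    msg["To"] = "user@example.org"        # constructed address
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(b"constructed-placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("photos", "LOL!;))))", "photos_arc.exe")
    print(sorted(mydoom_s_indicators(sample)), should_quarantine(sample))
```
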

The worm contains a remote access component, which listens for remote connections. In addition, Avert warned that the virus downloads a backdoor Trojan to the user’s machine.

‘Companies should educate their users to practise safe computing. This includes never opening unsolicited email attachments and discouraging the sending and receiving of joke files, funny photographs and screensavers,’ said Graham Cluley, senior technology consultant for Sophos in a statement.

‘This worm feeds on users’ willingness to accept ‘humorous’ content on their desktop computers, but by doing this, they could be putting their entire company’s data at risk.’

