W32/Mydoom@MM is a High-Outbreak Risk mass-mailing worm flooding email servers worldwide. When run, the worm steals email addresses from the infected machine and also automatically generates random email addresses for propagation. This email generation engine is similar to technologies spammers use to generate addresses for spam email campaigns.

W32/Mydoom@MM generates emails with a spoofed From: field, so incoming messages may appear to be from people you know. Furthermore, the subject line and message body are both randomly generated by the worm.

W32/Mydoom@MM also attempts to open a port on an infected PC, allowing a remote hacker to gain control of the system. (Installing a firewall such as McAfee Personal Firewall Plus can prevent this activity.)

What are the common subject lines, attachment names and message content associated with W32/Mydoom@MM:

Subject:

Randomly generated

Attachment:

Randomly generated

The icon used by the file tries to make it appear as if the attachment is a text file.

The attachment type varies [.exe, .pif, .cmd, .scr] - often arrives in a ZIP archive), though the attachment size is 22,528 bytes.

From:

Spoofed -- may appear to be from someone you know.

Body:

Varied: (examples)

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

The message contains Unicode characters and has been sent as a binary attachment.

Mail transaction failed. Partial message is available.

How do you know if you've been infected?

Upon executing the virus, Notepad is opened, filled with nonsense characters.

Visit the following sites for more information:

www.mcafee.com

www.norton.com