W32.Mydoom.AX@mm

Discovered on: February 16, 2005

W32.Mydoom.AX@mm:
A mass-mailing worm that uses its own SMTP engine to send email to addresses that it gathers from the Windows Address Book on a compromised computer.

Name: W32.Mydoom.AX@mm

Also Known As: Win32.Mydoom.AU [Computer Associates], Email-Worm.Win32.Mydoom.am [Kaspersky Lab], W32/Mydoom.bb@MM [McAfee], W32/MyDoom-O [Sophos], WORM_MYDOOM.BB [Trend Micro]
When: February 16, 2005
Type: Worm
Effects: Mass-mailing worm that uses its own SMTP engine to send email to addresses that it gathers from the Windows Address Book on a compromised computer; downloads and executes a back door Trojan
Damage: Allows unauthorized remote access
Infection Length: Varies
Financial losses: Unknown
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

 

The Symantec Summary
Threat Assessment

Wild

  • Number of infections: 50 - 999
  • Number of sites: More than 10
  • Geographical distribution: Low
  • Threat containment: Easy
  • Removal: Moderate

Threat Metrics

Scale: Low, Medium, High

  • Wild: Low
  • Damage: Medium
  • Distribution: High

Damage

  • Payload Trigger: n/a
  • Payload: Downloads and executes a back door Trojan.
    • Large scale e-mailing: Sends itself to all addresses it finds on the compromised computer.
    • Deletes files: n/a
    • Modifies files: n/a
    • Degrades performance: n/a
    • Causes system instability: n/a
    • Releases confidential info: n/a
    • Compromises security settings: Allows unauthorized remote access.

Distribution

  • Subject of email: Varies
  • Name of attachment: Varies with .bat, .cmd, .com, .exe, .pif, .scr, or .zip file extension.
  • Size of attachment: Varies
  • Time stamp of attachment: n/a
  • Ports: n/a
  • Shared drives: n/a
  • Target of infection: n/a

Symantec Resource for W32.Mydoom.AX@mm
