Update: Ultimate Links PC Tips - Email-Worm.Win32.Mydoom.m

Email-Worm.Win32.Mydoom.m (Kaspersky Lab) is also known as:
I-Worm.Mydoom.m (Kaspersky Lab)
W32/Mydoom.o@MM (McAfee)
W32.Mydoom.M@mm (Symantec)
Win32.HLLM.MyDoom.54464 (Doctor Web)
W32/MyDoom-O (Sophos)
Win32/Mydoom.O@mm (RAV)
WORM_MYDOOM.M (Trend Micro)
Worm/Mydoom.M (H+BEDV)
W32/Mydoom.O@mm (FRISK)
Win32:Mydoom-M (ALWIL)
I-Worm/Mydoom.O (Grisoft)
Win32.Mydoom.M@mm (SOFTWIN/BitDefender)
Worm.Mydoom.M (ClamAV)
W32/Mydoom.N.worm (Panda)
Win32/Mydoom.R (Eset)

Behavior: Email Worm

I-Worm.Mydoom.m spreads via the Internet as an attachment to infected messages.

The worm itself is a Windows PE EXE file approximately 27KB in size, packed using UPX. The unpacked file is approximately 50KB in size.

The worm is only activated when a user opens the archive and launches the infected file by double-clicking on it. The worm will then install itself on the system and begin propagating.

The worm contains a backdoor function.

Part of the body of the worm is encrypted.

Installation

When installing, the worm copies itself as 'java.exe' to the Windows root directory and registers this file in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
  JavaVM = %windir%\java.exe

This ensures the worm will be launched each time the infected system is booted.
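The persistence entry described above can be checked offline against a registry export. The following Python is an added example, not part of the original write-up; the sample export, the function names and the default Windows directory C:\WINDOWS are assumptions, and only plain string values are parsed.

```python
import re

# Indicator from the description above: Run value JavaVM = %windir%\java.exe
RUN_KEY = r"software\microsoft\windows\currentversion\run"
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"}
VALUE_NAME = "javavm"

# Constructed sample in .reg export format (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JavaVM"="C:\\WINDOWS\\java.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"javavm"="%windir%\\java.exe"

[HKEY_CURRENT_USER\Software\Example\Run]
"JavaVM"="C:\\WINDOWS\\java.exe"
'''

SECTION = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and quotes inside string values.
    return re.sub(r"\\(.)", r"\1", s)

def is_windir_java(path, windir=r"C:\WINDOWS"):
    # True if path is java.exe directly inside windir (assumed default; pass the host's value).
    p = path.lower().replace("%windir%", windir.lower())
    return p == windir.lower() + r"\java.exe"

def find_run_entries(reg_text, windir=r"C:\WINDOWS"):
    # Return (hive, data) for each Run value matching the indicator.
    hits, hive, in_run = [], None, False
    for line in map(str.strip, reg_text.splitlines()):
        sec = SECTION.match(line)
        if sec:
            hive = sec.group(1)
            in_run = hive in HIVES and sec.group(2).lower() == RUN_KEY
            continue
        val = STRING_VALUE.match(line) if in_run else None
        if val and unescape(val.group(1)).lower() == VALUE_NAME:
            data = unescape(val.group(2))
            if is_windir_java(data, windir):
                hits.append((hive, data))
    return hits
```

A match only shows that the Run value named in this description is present; the file it points to still has to be examined before drawing a conclusion.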

The worm also creates a file named 'services.exe.',...
