Advisory Number: AV04-029: WORM_MYDOOM.M
26 July 2004
The purpose of this advisory is to bring attention to a variant of the Mydoom
worm: WORM_MYDOOM.M (aka W32/Mydoom.o@MM, W32.Mydoom.M@mm).
This new variant of W32/Mydoom is packed with UPX. Like previous variants,
it has the following characteristics:
- mass-mailing worm constructing messages using its own SMTP
- harvests email addresses from the victim machine
- spoofs the From: address
- contains an attachment with a .bat, .cmd, .com, .exe, .pif,
.scr, or .zip extension.
- the attachment name may contain a randomly selected domain,
which was found on the sender's system.
- downloads and executes a backdoor, detected as Backdoor.Zincite.A,
on port 1034/tcp.
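The following Python code is an added example, not part of the PSEPC advisory. It checks a mail message for attachments with the extensions listed above and checks Windows `netstat -an` text for a listener on 1034/tcp. The function names, the sample message and the sample netstat output are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Values taken from the advisory's list of characteristics.
SUSPECT_EXTS = (".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".zip")
BACKDOOR_PORT = "1034"

def suspect_attachments(raw_message):
    """Return attachment filenames whose extension is on the advisory's list."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        # Windows ignores trailing dots and spaces, so strip them before matching.
        if name and name.lower().rstrip(". ").endswith(SUSPECT_EXTS):
            hits.append(name)
    return hits

def listeners_on_backdoor_port(netstat_output):
    """Return local addresses listening on 1034/tcp in Windows `netstat -an` text."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()  # Proto, Local Address, Foreign Address, State[, PID]
        if (len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING"
                and f[1].rsplit(":", 1)[-1] == BACKDOOR_PORT):
            hits.append(f[1])
    return hits

def build_sample():
    """Constructed test message: one attachment named after a domain, one benign."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.org", "bob@example.org"
    m.set_content("see attachment")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="example.org.SCR")
    m.add_attachment("hello", filename="notes.txt")
    return m.as_bytes()

# Constructed `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1034       203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:1034           *:*
"""

if __name__ == "__main__":
    print(suspect_attachments(build_sample()))
    print(listeners_on_backdoor_port(SAMPLE_NETSTAT))
```

A legitimate program can also hold port 1034, so a listener there is a lead to investigate alongside an anti-virus scan, not a confirmation of infection.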
PSEPC recommends that you ensure your anti-virus detection software definitions
Additional information about this worm is available at the following links:
Note to Readers
Public Safety and Emergency Preparedness Canada (PSEPC) collects information
related to cyber and physical threats to, and incidents involving, Canadian
critical infrastructure. This allows us to monitor and analyse threats and
to issue alerts, advisories and other information products. To report threats
or incidents, please contact the PSEPC operations coordination centre at (613)
991-7000 or firstname.lastname@example.org by
Unauthorized use of computer systems and mischief in relation to data are serious
Criminal Code offences in Canada. Any suspected criminal activity should be reported
to local law enforcement organizations. The RCMP National
Operations Centre (NOC) provides a 24/7 service to receive such reports or
to redirect callers to local law enforcement organizations. The NOC can be reached
at (613) 993-4460. National security concerns should be reported to the Canadian
Security Intelligence Service (CSIS) at
Links to sites not under the control of the Government of Canada (GoC) are
provided solely for the convenience of users. The GoC is not responsible for
the accuracy, currency or the reliability of the content. The GoC does not
offer any guarantee in that regard and is not responsible for the information
found through these links, nor does it endorse the sites and their content.