Tuesday, November 09, 2004

New Version of MyDoom Worm in Zero-Day Attack - "The worm, known as MyDoom.ag in McAfee's naming, does not have a file attachment, as is typical of mail worms. Instead, it installs a Web server on Port 1639 of the infected system. The e-mails it sends out to spread itself contains a link to the server on the infected computer."

I'm already seeing this on the CALI mail server with infected messages coming from .edu domains.  There appear to be a t least two variants out there.

Here are vendor links:

Trend

Symantec

Sophos


10:22:50 AM    

© Copyright 2004 Elmer Masters .
Last update: 12/1/2004; 5:48:24 PM .

Click here to visit the Radio UserLand website. Valid CSS! Subscribe to "News Filter" in Radio UserLand. Click to see the XML version of this web page. Click here to send an email to the editor of this weblog.