Beware: New Version of Mydoom
28 Jan 2004
Kaspersky Lab, a leading information security software developer, has detected a new version of Mydoom (Novarg) - Mydoom.b.
Kaspersky Lab has received reports of infections by this malicious program. Our analysts believe that Mydoom.b is probably using machines infected by the original Mydoom, which could mean as many as 600,000 units. These infected computers may have received a command to send out copies of Mydoom.b. Therefore, the computer community may be facing a much more serious outbreak than the one caused by Mydoom.a yesterday, January 27.
The new version contains minimal technical innovations. Mydoom.b also spreads via email and the KaZaA file-sharing network. The email contains a different set of text strings in the body. The carrier file is about 28 KB in size and contains the text string: "sync-1.01; andy; I'm just doing my job, nothing personal, sorry". Mydoom.b is scheduled to launch a DoS attack between February 1 and February 12, 2004 on two web sites: www.sco.com and www.microsoft.com.
Moreover, the worm modifies the operating system to prevent users from reaching many anti-virus vendors' sites, security-related news sites and various sections of the Microsoft site, as well as downloading data from banner networks.
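A check a responder could run for the site blocking described above, as an added example that is not from Kaspersky Lab. The page does not say how the worm blocks these sites; the script assumes the blocking is done through entries in the system hosts file, and the watch list (microsoft.com from the page plus a placeholder vendor domain) and the sample file are constructed.

```python
import ipaddress

# Assumed watch list: microsoft.com is named on the page, the other is a placeholder.
WATCHED = ("microsoft.com", "av-vendor.example")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, not a mapping
        for name in fields[1:]:                   # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname, watched=WATCHED):
    """True for a watched domain or any of its subdomains (not mere suffix look-alikes)."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def find_overrides(text, watched=WATCHED):
    """Return hosts entries that override DNS for watched domains."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name, watched):
            # Unspecified/loopback addresses make the site unreachable; anything
            # else sends the user to a different server.
            kind = "sinkhole" if (ip.is_unspecified or ip.is_loopback) else "redirect"
            findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample hosts file (documentation addresses and placeholder names).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         www.av-vendor.example updates.av-vendor.example
0.0.0.0 download.microsoft.com   # trailing comment
192.0.2.10      intranet.corp.example
203.0.113.7     WWW.Microsoft.com.
not-an-ip       www.microsoft.com
0.0.0.0         notmicrosoft.com
"""

if __name__ == "__main__":
    for finding in find_overrides(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Security and update sites are normally resolved through DNS, so any hosts entry for them deserves a look even when the address is not a sinkhole.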
Kaspersky® Anti-Virus databases have been updated with protection against Mydoom.b.
A detailed description of Mydoom.b is available in the Kaspersky Virus Encyclopedia.