FANDOM


MyDoom
Aliases
  • Email-Worm.Win32.Mydoom.a (Kaspersky Lab)
  • W32/Mydoom.a@MM (McAfee)
  • W32.Mydoom.A@mm (Symantec)
  • Win32.HLLM.MyDoom (Doctor Web)
  • W32/MyDoom-A (Sophos)
  • Win32/Mydoom.A@mm (RAV)
  • WORM_MYDOOM.A (Trend Micro)
  • Worm/Mydoom.A (Avira)
  • W32/Mydoom.A@mm (FRISK)
  • Win32:Mydoom (ALWIL)
  • I-Worm/Mydoom.A (AVG)
  • Win32.Novarg.A@mm (SOFTWIN)
  • Worm.SCO.A (ClamAV)
  • W32/Mydoom.A.worm (Panda)
  • Win32/Mydoom.A (Eset)
Type Worm
Affected platform/s Microsoft Windows
Mydoom (also known as Novarg) is a computer worm affecting Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm. This worm spreads via the Internet in the form of files attached to infected messages. It also spreads via the file sharing network Kazaa. The worm itself is a Windows PE EXE file of 22528 bytes, compressed using UPX. The decompressed file is approximately 40KB in size.

The worm is activated only if the user opens the archive and launches the infected file by double-clicking on the attachment. The worm then installs itself in the system and starts the replication process.

The worm contains a backdoor function, and is also programmed to carry out DoS attacks on the site www.sco.com on 1st February 2004.

Part of the body of the worm is encrypted.[1]

ReferencesEdit

External linksEdit


Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.