new doom variant?

ed

No, I did not open the attached file. My AV missed it, but so did a lot
of the AVs at VirusTotal.
But I thought this method was all but over in favor of password-protected
infected attachments.
"Attention: ** - 10:45:22 PM - 6/2/2007 - This is an automatically
generated message.

A virus was found in the last outgoing message you sent. Our incoming
email scanner intercepted it and stopped the entire message before it
could reach its intended recipient. The virus was reported to be:
I-Worm.Mydoom.M

Technical details: I-Worm.Mydoom.m spreads via Google and Yahoo mail
services as an attachment to infected messages.

The worm itself is a Windows PE EXE file approximately 27KB in size,
packed using UPX.
The unpacked file is approximately 89KB in size.

The worm is only activated when a user opens an archive and launches
the infected file by double-clicking on it. The worm will then install
itself to your system and begin propagating. This worm also contains a
dangerous backdoor function. When the worm opens TCP port 1034, it
allows itself to receive remote commands. These ports were found to be
open on your system during the message scan.

Please use the attached patch file to remove the virus and cleanse
your system of any remaining parts of the worm.


Aliases: I-Worm.Mydoom.m (Kaspersky Lab), W32/Mydoom.o@MM (McAfee),
W32.Mydoom.M@mm (Symantec), Win32.HLLM.MyDoom.54464 (Doctor Web),
W32/MyDoom-O (Sophos), Win32/Mydoom.O@mm (RAV), WORM_MYDOOM.M
(Trend Micro), Worm/Mydoom.M (H+BEDV), W32/Mydoom.O@mm (FRISK),
Win32:Mydoom-M (ALWIL), I-Worm/Mydoom.O (Grisoft), Win32.MydooM@mm
(SOFTWIN), Worm.Mydoom.M (ClamAV), W32/Mydoom.N.worm (Panda),
Win32/Mydoom.R (Eset)

Description added: 6/2/2007 (new)
Self-Replicating Email Worm

Removal tool attached to ** message at: 10:45:22 PM on 6/2/2007
__________________________________________

Originating Message Headers:

Received: ** (HELO) (193.224.106.80)
by ** with SMTP; 12 Jun 2006 14:17:46 -0500
To: thelist at lists.evolt.org
Subject: Virus Detection
Date: Mon, 12 Jun 2006 21:17:45 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0002_4F80D187.6B2DD9E9"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Apply the attached patch to cleanse your system of any files that were
dropped by the worm.

Postmaster Security Encryption Algorithm:

YBLDKHRHJLHFZBJFVSHOLVIBGKBYSTFVRFRWHE"
 
ed

Complete scanning result of "Win32.Patch.MyDoom.zip", processed in
VirusTotal at 06/04/2007 09:47:52 (CET).

[ file data ]
* name: Win32.Patch.MyDoom.zip
* size: 3604
* md5.: b2298fde46f77322731d5b0fe0c0da5a
* sha1: 45dba3396fadc13a0eca455fc39ecb2ab8f5ae03

[ scan result ]
AhnLab-V3 2007.5.31.2/20070604 found nothing
AntiVir 7.4.0.29/20070604 found nothing
Authentium 4.93.8/20070523 found nothing
Avast 4.7.997.0/20070604 found nothing
AVG 7.5.0.467/20070603 found nothing
BitDefender 7.2/20070604 found nothing
CAT-QuickHeal 9.00/20070602 found [(Suspicious) - DNAScan]
ClamAV devel-20070416/20070604 found nothing
DrWeb 4.33/20070604 found nothing
eSafe 7.0.15.0/20070603 found nothing
eTrust-Vet 30.7.3688/20070603 found nothing
Ewido 4.0/20070603 found nothing
F-Prot 4.3.2.48/20070601 found nothing
F-Secure 6.70.13030.0/20070604 found [Hupigon.gen83]
FileAdvisor 1/20070604 found nothing
Fortinet 2.85.0.0/20070602 found nothing
Ikarus T3.1.1.8/20070604 found [Trojan-Spy.Win32.Bancos.ha]
Kaspersky 4.0.2.24/20070604 found [Trojan-Downloader.Win32.Small.ery]
McAfee 5044/20070601 found [New Malware.dq]
Microsoft 1.2503/20070604 found nothing
Norman 5.80.02/20070601 found nothing
Panda 9.0.0.4/20070603 found [Suspicious file]
Prevx1 V2/20070604 found nothing
Sophos 4.18.0/20070601 found nothing
Sunbelt 2.2.907.0/20070530 found nothing
Symantec 10/20070604 found nothing
TheHacker 6.1.6.129/20070604 found nothing
VBA32 3.12.0/20070603 found [suspected of Trojan-Dropper.Delf.33
(paranoid heuristics)]
VirusBuster 4.3.23:9/20070603 found []
Webwasher-Gateway 6.0.1/20070604 found nothing

[ notes ]
packers: EXPRESSOR, FSG
packers: Expr

__________________________________________________
VirusTotal is a free service offered by Hispasec Sistemas. There are
no guarantees about the availability and continuity of this service.
Do not reply to this message. It has been generated by an automatic
address that will not handle any reply. Although the detection rate
afforded by the use of multiple antivirus engines is far superior to
that offered by just one product, these results DO NOT guarantee the
harmlessness of a file. Currently, there is not any solution that
offers a 100% effectiveness rate for detecting viruses and malware.
 
ed

"PM..eml/Win32.Patch.MyDoom.zip/Win32.Patch.MyDoom.EXE - decompression
error!" faulty virus?
DrWeb online scan
File size: 8989 bytes

this is spam SPAM Yahoo PostMaster Alert - I-Worm.Mydoom.m detected at
10 45 22 PM..eml - archive MAIL
this is spam SPAM Yahoo PostMaster Alert - I-Worm.Mydoom.m detected at
10 45 22 PM..eml/[text:plain] - archive MAIL
this is spam SPAM Yahoo PostMaster Alert - I-Worm.Mydoom.m detected at
10 45 22 PM..eml/[text:plain] - OK
this is spam SPAM Yahoo PostMaster Alert - I-Worm.Mydoom.m detected at
10 45 22 PM..eml/Win32.Patch.MyDoom.zip - archive ZIP
 
ed

Reply from DrWeb:
Your request has been analyzed. It was a corrupted file.

Thank you for the cooperation.
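Treating the thread as a mail-gateway triage problem, here is an added Python example (my own, not code from the thread or from any AV vendor) that parses an .eml, hashes each attachment for a VirusTotal lookup, lists ZIP members and flags executables inside them, detects the corrupt-archive case DrWeb reported as a decompression error, and checks the body for the fake-AV "attached patch" lure wording. The message, ZIP and EXE contents are constructed; the "PE" payload is a placeholder byte string, not a real executable, and the damaged copy is produced by overwriting stored bytes so the CRC check fails.

```python
import email, hashlib, io, os, zipfile
from email import policy
from email.message import EmailMessage

EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
LURE_PHRASES = ("attached patch", "removal tool attached", "virus was found")

def triage_eml(raw: bytes) -> dict:
    """Hash attachments, inspect ZIPs, flag executables, corrupt archives and lure text."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    report = {"subject": msg["subject"],
              "lure": any(p in text for p in LURE_PHRASES), "attachments": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        members, corrupt = [], False
        if name.lower().endswith(".zip") or zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as z:
                    members = z.namelist()
                    corrupt = z.testzip() is not None  # first member failing CRC/inflate
            except zipfile.BadZipFile:                  # no usable central directory at all
                corrupt = True
        report["attachments"].append({
            "name": name, "size": len(data),
            "md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "members": members, "corrupt": corrupt,
            "executable": any(os.path.splitext(n)[1].lower() in EXEC_EXT
                              for n in [name] + members)})
    return report

def sample_eml() -> bytes:
    """Constructed fake 'PostMaster' alert: an intact ZIP with a fake EXE, plus a damaged copy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("Win32.Patch.MyDoom.EXE", b"MZ BENIGN-CONSTRUCTED-BYTES")  # placeholder, not a PE
    good = buf.getvalue()
    # Same length, different bytes: directory stays valid, member CRC no longer matches
    bad = good.replace(b"BENIGN-CONSTRUCTED-BYTES", b"DAMAGED-CONSTRUCTED-BYTE", 1)
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = "Virus Detection", "postmaster@example.invalid", "x@example.invalid"
    m.set_content("A virus was found in the last outgoing message you sent. "
                  "Please use the attached patch file to remove the virus.")
    m.add_attachment(good, maintype="application", subtype="zip", filename="Win32.Patch.MyDoom.zip")
    m.add_attachment(bad, maintype="application", subtype="zip", filename="Win32.Patch.MyDoom-damaged.zip")
    return m.as_bytes()
```

Run `triage_eml(open("message.eml", "rb").read())` on a real message; a hit on both `executable` and `lure` is the pattern this thread describes, and `corrupt` with an executable member is what the DrWeb output above shows.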
 
