A new version of the extensive and successful MyDoom worm family has appeared. Fortunately, like many recent variants, this version has got off to a slow start and is unlikely to become a major threat.
Details
MyDoom.CF was discovered Tuesday, June 28th, 2005. It is a standard MyDoom family member, faking the email address it is sent from. Messages MyDoom.CF use typically make a relatively unsuceesful attempt at seeming either personal (“Is it your name listed here? It seems this is the Pentagon listing“) or official (“Your file hasn't passedour security check and thus was returned“) and are typically caught by spam filters, if they are present. MyDoom.CF is not a very damaging virus, and exists only to spread. Attachments associated with MyDoom.CF are 32,256 bites in size, although if in the .zip format, they can vary.
Protection
Detection for this worm may be covered generically under some current DAT files, as it is an unremarkable variant of a well-known worm family. Updates will likely start appearing within the next 24 hours. As this is a low-risk threat, emergency detection releases are unlikely.
The Gist
MyDoom.CF, although it may spread some, is an unremarkable MyDoom variant and does not pose a significant risk at this time.
Links
Symantec - Write-up.
Posted
Jun 29 2005, 01:44 PM
by
trafton