Latest Threats
New MyDoom Variant MyDoom.M
A new variant of the Mydoom virus,
Mydoom.M, is spreading across the Internet. The number of infections
is increasing rapidly. F-Secure Corporation has upgraded the warning
to Radar Level 2.
Inter Engineering’s Josmaarten Swinkels comments:
“For quite a while already almost every circulating Worm leaves a
Backdoor behind so that the infected machine can be exploited to
send Spam, do denial of service attacks or for other activities
where the initiator doesn’t want to get caught.
By now there is a large and diverse quantity of machines infected
with Backdoors out there and this has triggered the curiosity of
many people who would like to test their skills as newborn hackers.
So the amount of attacks is increasing dramatically and it’s
guaranteed that quite a few of them will eventually succeed!
Once more we emphasize that it is a must to have protection with
continuously updated Anti Virus, as well as a Firewall to stop
intrusions.”
Inter Engineering is informing its subscribers of the details of the
virus and of the protection against it.
Mydoom is a mass mailing worm. The infected messages look like email
system error messages and spam warnings. On infected systems, a
backdoor program is installed which allows the virus writer
to take over the system.
Mydoom reaches a system through email messages, as an attached
compressed file. The worm uses techniques to change its file
contents in order to avoid easy detection. The message subject is a
mail system error message. The subjects the worm sends are:
Returned mail: Data format error
Returned mail: see transcript for details
Delivery reports about your e-mail
Mail System Error - Returned Mail
Message could not be delivered
delivery failed
report
test
status
error
hi
hello
The attached file has one of the extensions CMD, BAT, COM, EXE, PIF or SCR.
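A mail-gateway triage check built from the subjects and attachment extensions listed above, as an added example that is not part of the original advisory or of any F-Secure tool. It also looks inside ZIP attachments, since the worm arrives as a compressed file. The function names, the constructed sample message and the rule of requiring both a listed subject and a listed file type (subjects such as "hi" or "test" are too common to act on alone) are assumptions of this example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Subjects and extensions as listed in the advisory text above.
SUBJECTS = {
    "returned mail: data format error", "returned mail: see transcript for details",
    "delivery reports about your e-mail", "mail system error - returned mail",
    "message could not be delivered", "delivery failed",
    "report", "test", "status", "error", "hi", "hello",
}
RISKY_EXT = {"cmd", "bat", "com", "exe", "pif", "scr"}

def ext(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def risky_names(part):
    """Names of an attachment, or of its ZIP members, carrying a listed extension."""
    name = part.get_filename() or ""
    hits = [name] if ext(name) in RISKY_EXT else []
    if ext(name) == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                hits += [f"{name}!{m}" for m in zf.namelist() if ext(m) in RISKY_EXT]
        except zipfile.BadZipFile:
            hits.append(f"{name} (unreadable archive)")  # cannot inspect: treat as a hit
    return hits

def triage(raw_bytes):
    """Quarantine only when a listed subject and a listed file type coincide."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    hits = [h for p in msg.iter_attachments() for h in risky_names(p)]
    matched = subject in SUBJECTS
    return {"subject_match": matched, "attachments": hits, "quarantine": matched and bool(hits)}

def build_sample(subject, member):
    """Constructed sample: a message whose ZIP holds one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "harmless placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="transcript.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample("Mail System Error - Returned Mail", "transcript.scr"))` returns a verdict with `quarantine` set, while the same subject with a `.txt` member is only reported as a subject match.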
As soon as the infected file is executed, two programs are installed
on the system: the virus itself and a backdoor program. The virus is
executed every time the system is started, while the backdoor program
allows the virus writer to take control of the system remotely.
The virus scans the Windows Address Book, Temporary Internet Files
and the hard disk for email addresses, to which it sends itself,
thus propagating over the Internet.
The backdoor program listens on TCP port 1034 for commands from
the Internet and the virus writer, who is thus able to take over the
system.
F-Secure Anti-Virus and F-Secure Anti-Virus Client Security users
are protected if they have the virus database version updated to
Version = 2004-07-26_04
To detect the worm and disinfect affected systems, F-Secure has
developed a tool which can be found at
http://www.f-secure.com/tools/f-mydoom.zip
F-Secure Corporation protects individuals and businesses against
computer viruses and other threats coming through the Internet or
mobile networks. The award-winning solutions include antivirus,
desktop firewall with intrusion prevention and network encryption.
F-Secure’s key strength is the speed of response to new threats. For
businesses the solutions feature centralized management. Founded in
1988, F-Secure has been listed on the Helsinki Exchanges since 1999.
The headquarters are in Helsinki, Finland, with offices in the USA, France,
Germany, Sweden, the United Kingdom and Japan. F-Secure is supported
by a global ecosystem of value added resellers and distributors in
over 50 countries.
For Greece, Cyprus and the Balkans, the F-Secure solutions are
distributed by Inter Engineering.
About Inter Engineering
Inter Engineering is one of the few companies specialized in Data
Security and operates as a distributor of security solutions
covering Greece, Cyprus and the Balkans. Since 1992 the company has
been active in the protection against computer viruses and has since then
extended its activities with Content Security for email and web,
strong cryptography, access control, Firewalls, copy protection,
biometrics and data recovery. The Company cooperates closely with
leading manufacturers globally and contributes actively to research
and development. Close relationships with scientific
organizations are also maintained. Thus Inter Engineering is able to
provide consultancy and solutions for almost any Data Security
issue.
To contact us: Inter Engineering
P.O. Box 1626
410 02 Larissa, Greece
Tel. +30.2410.670030
Fax. +30.2410.670006
Email: sales@inter.gr