Kits
ULTIMATE Member
It has been posted on other forums warning members of the new threat..
Watch out for this virus and be vigilant everyone...
Over the next 36 hours we will start to see the emergence of a new raft of Mydoom variants. Both around 20k in size with multiple subject types, multiple attachment sizes and types.
Mydoom.W and Mydoom.V are emerging at this time in the Philippines and in Australia.
The attachments carried have .doc, .rtf, .zip, .pif, .exe, .txt and .html extensions - plus the likelihood of others!
The file size varies from 17.5k to 21.6k in size and instead of coming from a garbled sender with a spurious subject message the message uses a new pattern engine. That engine creates a message with combinations of the following Christian names and surnames to make it look even more legible.
Christian names: Alex, Alexander, Andrew, Anthony, Barry, Bernard, Bill, Brian, Calvin, Carl, Charles, Christopher, Clifford, Daniel, David, Dennis, Donald, Douglas, Edward, Eric, Francisco, Frank, Gary, George, Gregory, Harold, Henry, James, Jason, Jay, Jeffrey, Jerry, Jim, John, Jon, Jose, Joseph, Joshua, Kenneth, Kevin, Larry, Leon, Leroy, Lloyd, Marcus, Mario, Mark, Matthew, Michael, Micheal, Miguel, Oscar, Patrick, Paul, Peter, Randall, Raymond, Richard, Ricky, Robert, Ronald, Ronnie, Scott, Stephen, Steven, Theodore, Thomas, Timothy, Tom, Tommy, Troy, Walter and William.
Surnames: Adams, Allen, Anderson, Baker, Brown, Campbell, Carter, Clark, Cruz, Davis, Freeman, Garcia, Gomez, Gonzalez, Green, Hall, Harris, Hernandez, Hill, Jackson, Johnson, Jones, King, Lee, Lewis, Lopez, Marshall, Martin, Martinez, Miller, Mitchell, Moore, Murray, Nelson, Ortiz, Parker, Perez, Phillips, Porter, Roberts, Robinson, Rodriguez, Scott, Simpson, Smith, Stevens, Taylor, Thomas, Thompson, Tucker, Turner, Walker, Webb, Wells, White, Williams, Wilson, Wright and Young.
In a further trick on infection it searches for email addresses to send out using its own SMTP engine that uses EITHER the host SMTP outbound path to your ISP OR if unavailable then hardcoded SMTP servers on port 25 (yet another reason to block). It searches the infected PC for HTML, Word .doc, Excel .xls, saved HTML pages as well as interrogating both Yahoo Messenger and MSN Messenger for addresses to propagate to.
__________________
Watch out for this virus and be vigilant everyone...
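A mail-gateway triage check built from the indicators listed in the post (sender-name pattern, attachment extensions, attachment size range), given here as an added example that is not part of the original post. The function names, the `example.test` addresses and the decimal reading of "17.5k to 21.6k" are assumptions; the names are common, so a match is a reason to hold a message for review, not proof of infection.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the post above: name lists, attachment extensions, size range.
FIRST = set("""Alex Alexander Andrew Anthony Barry Bernard Bill Brian Calvin Carl Charles
Christopher Clifford Daniel David Dennis Donald Douglas Edward Eric Francisco Frank Gary
George Gregory Harold Henry James Jason Jay Jeffrey Jerry Jim John Jon Jose Joseph Joshua
Kenneth Kevin Larry Leon Leroy Lloyd Marcus Mario Mark Matthew Michael Micheal Miguel
Oscar Patrick Paul Peter Randall Raymond Richard Ricky Robert Ronald Ronnie Scott
Stephen Steven Theodore Thomas Timothy Tom Tommy Troy Walter William""".split())
LAST = set("""Adams Allen Anderson Baker Brown Campbell Carter Clark Cruz Davis Freeman
Garcia Gomez Gonzalez Green Hall Harris Hernandez Hill Jackson Johnson Jones King Lee
Lewis Lopez Marshall Martin Martinez Miller Mitchell Moore Murray Nelson Ortiz Parker
Perez Phillips Porter Roberts Robinson Rodriguez Scott Simpson Smith Stevens Taylor
Thomas Thompson Tucker Turner Walker Webb Wells White Williams Wilson Wright Young""".split())
EXTS = (".doc", ".rtf", ".zip", ".pif", ".exe", ".txt", ".html")
SIZE_MIN, SIZE_MAX = 17_500, 21_600  # assumption: "17.5k to 21.6k" read as decimal kilobytes

def indicators(raw: bytes) -> list:
    """Return which of the post's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    display, _addr = parseaddr(str(msg.get("From", "")))
    parts = display.split()
    if len(parts) == 2 and parts[0] in FIRST and parts[1] in LAST:
        hits.append("sender-name")
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").lower()
        size = len(att.get_payload(decode=True) or b"")  # decoded size, not base64 size
        if name.endswith(EXTS) and SIZE_MIN <= size <= SIZE_MAX:
            hits.append("attachment:" + name)
    return hits

def should_quarantine(raw: bytes) -> bool:
    """Hold for review only when the sender pattern and an attachment both match."""
    hits = indicators(raw)
    return "sender-name" in hits and len(hits) > 1

def sample(sender: str, filename: str, size: int) -> bytes:
    """Build a constructed test message with a dummy attachment of `size` bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.test", "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(b"\0" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Requiring both the name pattern and an in-range attachment keeps ordinary mail from people with these common names out of the quarantine queue.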























