Updates
A compilation of the latest information about viruses, security and patches which could be vital for your system
W32/Mydoom.ah@MM
The latest MyDoom variant differs enough from the original that some experts are calling it a cut-and-paste job. It leverages an unpatched flaw in Internet Explorer that lets it infect a PC after the user clicks on a link. The flaw affects Internet Explorer 6.0 on Windows 2000 and Windows XP Service Pack 1; users who have installed Windows XP Service Pack 2 are immune. McAfee has rated this variant as medium risk.
The virus spreads by sending e-mail messages to addresses harvested from the infected system and to addresses constructed by the virus. The message format is:
From: Spoofed address (may be exchange-robot@paypal.com when sending the PayPal message body below)
Subject: (case may vary) hi!, hey!, Confirmation or blank
Body:
Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days.
To see details please click this link.
DO NOT REPLY TO THIS MESSAGE VIA E-MAIL!
This e-mail is being sent by an automated message system and the reply will not be received.
Thank you for using PayPal.
or
Hi! I am looking for new friends.
My name is Jane, I am from Miami, FL.
See my homepage with my weblog and last webcam photos!
See you!
The links in these messages take the person who clicks them to a Web page generated by the virus and hosted on the infected PC from which the mail was sent. That page carries the IFrame exploit, which lets the virus execute code on the victim's computer. Once running, the virus harvests e-mail addresses, sends out mail to spread itself, sets up a Web server of its own to serve the exploit page to the next victims, and attempts to contact Internet Relay Chat (IRC) servers to notify the virus creator. Creating a Web server and using it to infect other systems is a change from earlier incarnations of MyDoom and its ilk.
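The propagation scheme above has a structural tell a mail filter can use: the link in the lure points back at the infected PC that sent the mail, so it names a bare IP address rather than a domain, and that IP is the same one recorded in the receiving MTA's Received header. The following is an added example written for this page, not code from the newsletter or from any vendor: it combines that check with the lure text and spoofed sender described above, then scores a few constructed sample messages (the IPs are from documentation ranges and the link URLs are assumptions, since the page does not show the actual link).

```python
"""Heuristic mail filter for the Mydoom.ah lure described above (added example)."""
import re
from email import message_from_string
from email.message import Message

# Content indicators taken from the lure text on this page.
LURE_SENDER = "exchange-robot@paypal.com"
LURE_SUBJECTS = {"hi!", "hey!", "confirmation", ""}
LURE_PHRASES = ("paypal has successfully charged",
                "i am looking for new friends")

URL_HOST_RE = re.compile(r"https?://([^/\s<>\"']+)", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def delivering_ip(msg: Message):
    """IP of the host that handed the mail to our MTA: the topmost Received header."""
    for hdr in msg.get_all("Received") or []:
        m = BRACKET_IP_RE.search(hdr)
        if m:
            return m.group(1)
    return None


def body_text(msg: Message) -> str:
    """Concatenate the text/plain parts, decoding any transfer encoding."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def link_hosts(text: str):
    """Host part of every URL in the body, with any :port stripped."""
    return [h.split(":")[0].lower() for h in URL_HOST_RE.findall(text)]


def score_message(raw: str) -> dict:
    """Return the indicators found and a verdict for one RFC 2822 message."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    sender = (msg.get("From") or "").lower()
    text = body_text(msg)
    hosts = link_hosts(text)
    src_ip = delivering_ip(msg)
    indicators = {
        "lure_subject": subject in LURE_SUBJECTS,
        "spoofed_paypal_sender": LURE_SENDER in sender,
        "lure_phrase": any(p in text.lower() for p in LURE_PHRASES),
        # The worm serves its exploit page from the sending PC, so the
        # link names a raw IP rather than a domain ...
        "link_to_bare_ip": any(IPV4_RE.match(h) for h in hosts),
        # ... and that IP is the one that delivered the mail to us.
        "link_to_sending_host": src_ip is not None and src_ip in hosts,
    }
    # The bare-IP link is the structural tell; require a content tell or the
    # sending-host match as well so ordinary mail with an IP link is not flagged.
    content_hit = indicators["lure_phrase"] or indicators["spoofed_paypal_sender"]
    suspicious = indicators["link_to_bare_ip"] and (
        content_hit or indicators["link_to_sending_host"])
    return {"suspicious": suspicious, "indicators": indicators,
            "hosts": hosts, "delivering_ip": src_ip}


# Constructed sample messages (not real captures). 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges; the URLs are assumptions.
SAMPLE_PAYPAL_LURE = """\
Received: from host45.example.net [192.0.2.45] by mx.example.org; Thu, 11 Nov 2004 10:02:11 +0000
From: exchange-robot@paypal.com
To: victim@example.org
Subject: Confirmation

Congratulations! PayPal has successfully charged $175 to your credit card.
To see details please click this link http://192.0.2.45/
"""

SAMPLE_JANE_LURE = """\
Received: from relay.example.net [198.51.100.7] by mx.example.org; Thu, 11 Nov 2004 10:05:40 +0000
From: jane@example.com
To: victim@example.org
Subject: hi!

Hi! I am looking for new friends. My name is Jane, I am from Miami, FL.
See my homepage with my weblog and last webcam photos! http://192.0.2.77:8080/
See you!
"""

SAMPLE_LEGIT = """\
Received: from mail.example.com [198.51.100.7] by mx.example.org; Thu, 11 Nov 2004 10:09:02 +0000
From: colleague@example.com
To: victim@example.org
Subject: Meeting notes

Notes from today are at http://intranet.example.com/notes/2004-11-11
"""

if __name__ == "__main__":
    for name, raw in (("paypal", SAMPLE_PAYPAL_LURE), ("jane", SAMPLE_JANE_LURE),
                      ("legit", SAMPLE_LEGIT)):
        print(name, score_message(raw))
```

The second lure sample shows why the content tells are still needed: mail relayed through an intermediate host no longer carries the infected PC's IP in the topmost Received header, so only the bare-IP link and the lure text remain. A message that arrives by a different route, or a variant that rewrites the lure text, would need the signature updated.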
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. WORM_BAGLE.AT
4. WORM_NETSKY.D
5. JAVA_BYTEVER.A
6. PE_ZAFI.B
7. WORM_BAGLE.AU
8. WORM_NETSKY.C
9. WORM_NETSKY.B
10. TROJ_DELF.AR
Source: Trend Micro (from November 5 to November 11, 2004)