/ 21 November 2004

MyDoom internet worm wriggles back

A new computer worm is wiggling its way through the internet.

Computer antivirus companies Symantec and H+BEDV are warning their customers of the existence of a MyDoom variant known as Worm/MyDoom.AH.

The worm is a threat to anyone using the Microsoft Windows operating system.

Like MyDoom, the new MyDoom.AH virus exploits a security flaw in Microsoft’s Internet Explorer web browser. The worm opens port 1639 on the infected computer and through this opening can allow unauthorised access to the infected computer system.

The MyDoom.AH worm spreads itself by sending e-mail messages to addresses found on the infected system.

It also constructs e-mail addresses based on addresses it finds. The worm sends out a message in which recipients are requested to click a link found in the body of the message. When the link is clicked, a web server is contacted, which then infects the user’s computer.

E-mail messages containing the MyDoom.AH virus will include a subject line such as ”hi!,” ”hey!,” ”Confirmation”, or one that is blank. In general, antivirus experts recommend that one immediately deletes messages with such cryptic subject lines.

Antivirus makers such as Symantec are classifying the MyDoom.AH virus as a moderate threat, although it is expected that the threat will grow, given the ease of transmission.

Download the latest signature files from the makers of antivirus software to protect against MyDoom.AH. — Sapa-DPA