McAfee has reported another Mydoom variant that has advanced to medium
threat due to prevalence.
W32/Mydoom.be@MM (currently no Symantec alias) is a mass-mailing worm
constructing messages using its own SMTP engine. The message body
contains a very convincing message claiming that the recipient's account
was used to send "a huge amount of unsolicited email" which encourages the
recipient to open an attached file containing the infected code.
More information about the Mydoom.be worm is available at:
The Stinger tool dated 2/21/2005 will detect and remove this worm.
Symantec has not discovered this worm yet so has not released a tool or
virus definitions to detect it.
We block all file types mentioned in the Mydoom write-ups from being
delivered to @uvm.edu addresses except .zip files so please be careful
with .zip files (always a good idea) and with attachments received to your
email addresses other than the one ending in @uvm.edu.
If virus definitions from Symantec become available for Mydoom.be they
will be pushed from the central antivirus servers to managed/on-campus
clients of Symantec Antivirus.
Questions or problems about W32/Mydoom.be@MM should be directed to the CIT
Helpline at [log in to unmask] or 656-2604, or to your department's IT staff