McAfee has sent out a notice of three worms discovered late this week
that have all advanced to medium threat due to prevalence.
W32/Mydoom.bc@MM (W32.Mydoom.AZ@mm [Symantec]) and W32/Mydoom.bd@MM
(currently no Symantec alias) are mass-mailing worms constructing messages
using its own SMTP engine. The message body contains a very convincing
message claiming that the recipient's account was used to send "a large
amount of junk email messages".
More information about the Mydoom.bc (Mydoom.AZ) worm is available at:
[log in to unmask]" target="_blank">http:[log in to unmask]
The Stinger tool dated 2/18/2005, the Symantec stand-alone tool for
Mydoom, and Symantec virus definitions dated 2/18/2005 rev 35 or later
will detect and remove this worm. Both the Stinger and Symantec
stand-alone tools are available right now at:
More information about the Mydoom.bd worm is available at:
The Stinger tool dated 2/18/2005 will detect and remove this tool.
Symantec has not discovered this worm yet so has not released a tool or
virus definitions to detect it.
We block all file types mentioned in the Mydoom write-ups from being
delivered to @uvm.edu addresses except .zip files so please be careful
with .zip files (always a good idea) and with attachments received to your
email addresses other than the one ending in @uvm.edu.
W32/Bropia.worm.p (currently no Symantec alias) propagates through MSN
messenger. The end user's computer becomes infected when the end user
chooses to open the attachment sent via MSN Messenger.
More information about Bropia.worm.p is available at:
No stand-alone tool is currently available for this worm, and there are no
Symantec virus definitions that detect this worm. Please use caution and
consider not clicking on links or attachments sent via MSN Messenger or
any other instant messaging program unless you know the sender and have
verified with that sender that the link or attachment is legitimate.
If tools or virus definitions from Symantec become available for Mydoom.bd
or Bropia.worm.p they will be posted to www.uvm.edu/antivirus/faqs .
Questions or problems about these three worms should be directed to the
CIT Helpline at [log in to unmask] or 656-2604, or to your department's IT
staff if applicable.