Virus Alert: Mydoom.K

Mydoom.K is a type of "mail bomb" that spreads by e-mail, using addresses collected from the hard drive of the infected computer. Mydoom.K also has backdoor functionality, which allows an attacker to connect to a victim's computer without authorization.

Aliases: Win32:Mydoom [DLL], Worm/Mydoom.C.1, W32.Mydoom.B@mm, Win32:Mydoom-K [WRM], Worm/Mydoom.C.2, I-Worm.Mydoom.c, I-Worm/Mydoom.L, W32/Mydoom.k.dll

Date appeared: May 20, 2004

Description:

E-mail carrying Mydoom.K has the following characteristics:

From: <random name>

Subject: one of the following:
• <space>
• Error
• Circus
• Server Report
• Mail Transaction Failed
• Mail Delivery System

Message: one of the following:
• <space>
• <random characters>
• test
• Mail transaction failed. Partial message is available.
• The message contains Unicode characters and has been sent as a binary attachment.
• The message can not be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Attachment: named one of the following:

• thank you
• game
• body
• message
• test
• date
• file
• text
• readme
• document

The attachment name usually has two extensions. The first extension may be one of the following:

• doc
• htm
• txt

The second extension may be one of the following:

• bat
• cmd
• exe
• scr
• pif
• zip
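
As an added example (not part of the original alert), the subject, attachment-name and extension lists above can be turned into a mail-gateway check. The function names and the sample messages are constructed for illustration; only the indicator lists come from this alert.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator lists copied from the alert text above.
SUBJECTS = {"", "error", "circus", "server report",
            "mail transaction failed", "mail delivery system"}
BASE_NAMES = {"thank you", "game", "body", "message", "test",
              "date", "file", "text", "readme", "document"}
FIRST_EXT = {"doc", "htm", "txt"}
SECOND_EXT = {"bat", "cmd", "exe", "scr", "pif", "zip"}

def attachment_matches(filename):
    """Return why a file name fits the alert's pattern, or None."""
    parts = filename.strip().lower().split(".")
    if len(parts) < 2 or parts[-1] not in SECOND_EXT:
        return None
    double = len(parts) >= 3 and parts[-2] in FIRST_EXT
    base = ".".join(parts[:-2] if double else parts[:-1])
    if base in BASE_NAMES:
        return "listed name, double extension" if double else "listed name"
    return "double extension" if double else None

def score_message(raw_bytes):
    """List the alert indicators present in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = attachment_matches(name)
        if reason:
            hits.append(f"attachment {name!r}: {reason}")
    # A listed subject only corroborates; several of them are common.
    if hits and str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.insert(0, "subject")
    return hits

def build_sample(subject, filename):
    """Constructed test message with harmless placeholder attachment bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content("test")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Mail Delivery System", "body.htm.pif"),
                       ("Quarterly numbers", "report.pdf")]:
        print(name, "->", score_message(build_sample(subj, name)))
```

The subject is reported only alongside an attachment hit, because a blank subject or "Error" on its own matches a large amount of legitimate mail.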

Mydoom.K has a DLL backdoor component, which is attached to EXPLORER.EXE so that the DLL is loaded each time the system boots. This component opens TCP port 3127 and listens for commands from a remote server.

Mydoom.K is written in Visual C++ and runs on Windows 95, 98, ME, NT, 2000, and XP.