Mydoom.AO is a worm that affects Windows 2003/XP/2000/NT computers only. It opens TCP port 1034 and listens on it, acting as a backdoor. Mydoom.AO downloads a file called MODULELOG.PNG from the Internet. In fact, this file is not a PNG image, but an executable file belonging to the backdoor Bck/Surila.J. Mydoom.AO spreads via e-mail, in a message with variable characteristics that passes itself off as a mail delivery error. In order to harvest e-mail addresses to send itself to, this worm looks for files on the affected computer, but it also runs intensive searches on web search engines.
Mydoom.AO uses popular web search engines, such as Google, Altavista, Yahoo and Lycos.
Additionally, Mydoom.AO is able to get around certain anti-spam techniques commonly used when writing out e-mail addresses.
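The downloaded MODULELOG.PNG is an executable carrying an image extension, which a check of the file's header bytes exposes regardless of its name. The following is an added example, not part of the original description; the function names and the sample byte strings are constructed for illustration.

```python
import struct

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte header of every PNG file


def sniff_type(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name."""
    if data.startswith(PNG_SIGNATURE):
        return "png"
    # A Windows PE executable starts with the DOS magic 'MZ'; the 32-bit
    # little-endian value at offset 0x3C points to the 'PE\0\0' signature.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "pe"
    return "unknown"


def is_disguised_executable(name: str, data: bytes) -> bool:
    """True when a file named *.png actually holds a PE executable."""
    return name.lower().endswith(".png") and sniff_type(data) == "pe"


def flag_disguised(files: dict) -> list:
    """Return the names of all files whose .png extension hides a PE image."""
    return sorted(n for n, d in files.items() if is_disguised_executable(n, d))


# Constructed samples: a minimal PE header, a genuine PNG header, and a
# truncated file that starts with 'MZ' but has no PE signature.
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
REAL_PNG = PNG_SIGNATURE + b"\x00\x00\x00\rIHDR"
SAMPLES = {
    "MODULELOG.PNG": FAKE_PE,   # executable content behind an image name
    "logo.png": REAL_PNG,       # image content, image name
    "setup.exe": FAKE_PE,       # executable with an honest extension
    "stub.png": b"MZ\x90\x00",  # too short to be a valid PE
}

if __name__ == "__main__":
    for name in flag_disguised(SAMPLES):
        print("extension/content mismatch:", name)
```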