Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||I-Worm/Novarg, WORM_MIMAIL.R W32/Mydoom@MM I-Worm/Novarg@MM|
|First detected on:||Jan. 27, 2004|
|Detection updated on:||June 25, 2007|
|Yes, using TruPrevent Technologies|
|Repair utility:||Panda QuickRemover|
Mydoom.A launches DDoS (Distributed Denial of Service) attacks against the website www.sco.com if the system date is between February 1 and February 12, 2004. It does this by launching GET/ HTTP/ 1.1 requests every 1,024 milliseconds. On February 12, 2004, the worm finishes its payload, ending its execution whenever it is activated.
Mydoom.A drops the DLL (Dynamic Link Library) SHIMGAPI.DLL, which creates a backdoor, opening the first available TCP port in the range from 3127 to 3198. This backdoor component allows to download and run an executable file, and acts as a TCP proxy server, allowing a hacker to gain remote access to network resources.
Note: on February 10, 2004, a new variant of this worm was detected by PandaLabs. This new variant carries out the same actions as the original, but it is compressed