Mydoom.M

It installs a dynamic link library that opens TCP port 1042 and acts as a backdoor. It ends processes belonging to antivirus programs and system monitoring tools.

Windows XP/2000/NT/ME/98/95

Mydoom.M is a worm that installs a dynamic link library (DLL) that opens TCP port 1042 and listens to it, thus behaving as a backdoor. By doing so, it allows hackers to remotely access the affected computer in order to carry out actions that would compromise users confidentiality or impede normal work.

In addition, the mentioned library will also end any active process containing specific text strings associated to antivirus programs and system monitoring tools. This leaves the affected computer vulnerable to the attack of other malware.

Mydoom.M spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).

Mydoom.M is very difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.