Welcome to the Virus Encyclopedia of Panda Security.
|First detected on:||July 19, 2004|
|Detection updated on:||July 20, 2004|
|Yes, using TruPrevent Technologies|
Mydoom.M is a worm that installs a dynamic link library (DLL) that opens TCP port 1042 and listens to it, thus behaving as a backdoor. By doing so, it allows hackers to remotely access the affected computer in order to carry out actions that would compromise users confidentiality or impede normal work.
In addition, the mentioned library will also end any active process containing specific text strings associated to antivirus programs and system monitoring tools. This leaves the affected computer vulnerable to the attack of other malware.
Mydoom.M spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).
Mydoom.M is very difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.