Welcome to the Virus Encyclopedia of Panda Security.
It launches Distributed Denial of Service attacks against the website www.sco.com. It opens a port, allowing a hacker to gain remote access to network resources.
Mydoom.E is a worm that spreads via e-mail in a message with variable characteristics and through the peer-to-peer (P2P) file sharing program KaZaA.
Mydoom.E launches DDoS (Distributed Denial of Service) attacks against the website www.sco.com if the system date is between February 1 and February 14, 2004. It does this by launching GET/ HTTP/ 1.1 requests every 1,024 milliseconds. On February 14, 2004, the worm finishes its payload, ending its execution whenever it is activated.
Mydoom.E drops the DLL (Dynamic Link Library) SHIMGAPI.DLL, which creates a backdoor, opening the first available TCP port in the range from 3127 to 3198. This backdoor component allows to download and run an executable file, and acts as a TCP proxy server, allowing a hacker to gain remote access to network resources.
Mydoom.E is easy to recognize once it has affected the computer, as it opens the Windows Notepad and shows junk data:
ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS? FREE SUPPORT INCLUDED. CALL US 24/7
powered by Anytech365