Welcome to the Virus Encyclopedia of Panda Security.
Alias: I-Worm.MyDoom.d, W32/Mydoom.e.dll, W32/MyDoom-E
It launches Distributed Denial of Service attacks against the website www.sco.com. It opens a port, allowing a hacker to gain remote access to network resources.
Detection updated on: Feb. 16, 2004
Mydoom.E is a worm that spreads via e-mail in a message with variable characteristics and through the peer-to-peer (P2P) file sharing program KaZaA.
Mydoom.E launches DDoS (Distributed Denial of Service) attacks against the website www.sco.com if the system date is between February 1 and February 14, 2004. It does this by sending GET / HTTP/1.1 requests every 1,024 milliseconds. On February 14, 2004, the worm finishes its payload and ends its execution whenever it is activated.
Mydoom.E drops the DLL (Dynamic Link Library) SHIMGAPI.DLL, which creates a backdoor by opening the first available TCP port in the range from 3127 to 3198. This backdoor component allows an executable file to be downloaded and run, and it acts as a TCP proxy server, allowing a hacker to gain remote access to network resources.
Mydoom.E is easy to recognize once it has affected the computer, as it opens the Windows Notepad and shows junk data: