Welcome to the Virus Encyclopedia of Panda Security.
It installs a dynamic link library that opens TCP port 1042 and acts as a backdoor. It ends processes belonging to antivirus programs and system monitoring tools.
|First detected on:||July 19, 2004|
|Detection updated on:||July 20, 2004|
|Yes, using TruPrevent Technologies
Mydoom.M is a worm that installs a dynamic link library (DLL) that opens TCP port 1042 and listens to it, thus behaving as a backdoor. By doing so, it allows hackers to remotely access the affected computer in order to carry out actions that would compromise users confidentiality or impede normal work.
In addition, the mentioned library will also end any active process containing specific text strings associated to antivirus programs and system monitoring tools. This leaves the affected computer vulnerable to the attack of other malware.
Mydoom.M spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).
Mydoom.M is very difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.