Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Mydoom.M

 
Threat LevelHigh threat
DamageSevere
DistributionNot widespread
Common name:Mydoom.M
Technical name:W32/Mydoom.M.worm
Threat level:Medium
Type:Worm
Effects:  

It installs a dynamic link library that opens TCP port 1042 and acts as a backdoor. It ends processes belonging to antivirus programs and system monitoring tools.

Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on:July 19, 2004
Detection updated on:July 20, 2004
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Mydoom.M is a worm that installs a dynamic link library (DLL) that opens TCP port 1042 and listens to it, thus behaving as a backdoor. By doing so, it allows hackers to remotely access the affected computer in order to carry out actions that would compromise users confidentiality or impede normal work.

In addition, the mentioned library will also end any active process containing specific text strings associated to antivirus programs and system monitoring tools. This leaves the affected computer vulnerable to the attack of other malware.

Mydoom.M spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).

Visible Symptoms 

    

Mydoom.M is very difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.