My Doom Worm

Robert Slade fedora at bathnetworks.com
Sun Jan 2 22:37:18 UTC 2005


On Sun, 2005-01-02 at 22:06, sly wrote:
> Philip Moller wrote:
> > I have also got a nasty worm (Worm.Mydoom.M:)   from
> > *landsking at onemain.com
> 
> how did you find it? i don't know much about worms and linux!
> 
> > 
> > * .....Kill, kill, kill   Die, die, die .......I hate worm's.
> > 
> > Philip Moller
> > 
> > Wayne Leutwyler wrote::
> > 
> >> Robert Slade wrote:
> >>
> >>> Hiya,
> >>>
> >>> Someone using IP address 66.59.107.18 (emmdsl.static.pa.net) is sending
> >>> out the Worm.Mydoom.M: As I only use this address for the fedora list
> >>> there is a good change they are also a member.
> >>>
> >>> Rob
> >>
> >> Yup I got one too. And I only use this address for this list.
> >>
> 
> -- 
> 
> sly
> (561)601-4303
> dsyc at go.ro
> 73 6c 79

I use Qmail and the Qmail Scanner caught and quarantined it. The MyDoom
worn takes the form of an email with a file attached usually with a zip
extension. The file is an executable which hides itself in the OS it
searches the hard drive for e-mail addresses and uses it's own smtp
engine to send out copies of itself. It also opens up high numbered
ports which are used by spammers to relay spam again steeling
bandwith.   

Although Worms and Virii are nearly all Windows based, the bandwidth
used up by their transmission over the Internet effects us all. At its
peak, the MyDoom worm really slowed down the Internet. It also shows
that whoever has the infected machine does not take the simplest of
precautions, there are a number of free AV programmes available for
Windows.

Rob   




More information about the users mailing list