Virus: Tr/Mydoom.BB.1
Date discovered: 23/05/2006
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 8.192 Bytes
MD5 checksum: b0fe74719b1b647e2056641931907f4a
VDF version: 6.34.01.125
IVDF version: 6.34.01.130 - Wednesday, May 24, 2006

General
Method of propagation:
   • No own spreading routine


Alias:
   •  Symantec: Backdoor.Zincite.A
   •  Mcafee: W32/Mydoom.o@MM
   •  Kaspersky: Email-Worm.Win32.Mydoom.m
   •  TrendMicro: WORM_MYDOOM.M
   •  Sophos: W32/MyDoom-O
   •  Grisoft: I-Worm/Mydoom.O
   •  VirusBuster: Backdoor.Mydoom.R
   •  Eset: Win32/Mydoom.R
   •  Bitdefender: Win32.Mydoom.M@mm

It was previously detected as:
   •  Worm/Mydoom.BB.1


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Third party control

Files
The following files are created:

– Temporary files that might be deleted afterwards:
   • %TEMPDIR%\zincite.log
   • %TEMPDIR%\yzptj.log

Registry
The following registry key is added in order to run the process after reboot:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "Services"=" %malware execution directory%\%executed file%"

Backdoor
The following port is opened:

– %malware execution directory%\%executed file% on TCP port 1034 in order to provide backdoor capabilities.

File details
Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Irina Boldea on Thursday, May 18, 2006
Description updated by Irina Boldea on Monday, May 29, 2006
