Computer Viruses, Worms and Hoaxes by Lady Camelot In recent days, I was one of
unfortunate persons to receive "Mydoom" worm emails. Not just one, but at least forty appeared in my popserver mailbox. As frustrating as it was deleting all of these nasty little boogers, I realized that some of these "worm" emails even came from persons I knew - or so I thought I knew.
The problem with "Mydoom" email worm is that it specifically targets email addresses with following extensions:
* .htm * .sht * .php * .asp * .dbx * .tbb * .adb * .pl * .wab * .txt
Furthermore, it sends "get" requests to target domains and uses direct connections to port 80. It will also attempt to send email messages using its own SMTP engine. The worm is successful by using a mail server that a recipient uses or local server as well. Some strings to these target domain names are:
* gate. * ns. * relay. * mail1. * mxs. * smtp. * mail. * mx.
The "Mydoom" worm will have subject headings such as:
* "Returned Mail" * "Delivery Error" * "Status" * "Server Report" * "Mail Transaction Failed" * "Mail Delivery System" * "Hello/hello" * "Hi/hi"
What persons need to realize is that even if you "know" sender, you must make absolutely sure that any attachments are specifically clarified from sender before you attempt to open these suspect emails. Most worms and viruses are spread directly through attachments. Unless you are expecting an attachment from a person you know, be cautious. Do NOT open attachments unless you are absolutely positive that your known correspondent has actually sent it to you. Another thing to remember is that "Mydoom" worm ranges from 6,144 bytes to 29,184 bytes in size and can affect Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. Luckily, if you have DOS, Linux, Macintosh, OS/2 or UNIX, your systems will not be affected by MyDoom worm.
