This is because of the pervasiveness of the variant and its ability to download the Win32.Gavvo trojan, and recruit the infected machine into a Zombie network for further destruction.
"The variant knocking at the front door is fairly familiar, but it is leaving the backdoor open to something much more sinister," said Abdul Karim Riyaz, business technologist for CA Arab world. "Over the last 18 months we have seen a general trend toward the creation of zombie or slave-machine armies, used to create further attacks against the Internet at large, such as spam or denial of service attacks. For that reason, we want Internet users to be extra vigilant and are raising the threat assessment to high."
Win32.Mydoom-AU is a worm that spreads via e-mail, searching an infected computer's hard drive for email addresses and then uses major search engines such as Lycos, Altavista, Yahoo and Google to harvest additional addresses in the same domain as the infected computer.
The worm also creates a "mutex" to ensure only one copy of the worm runs at a time. The mutex name is generated by combining the affected machine's name with the string "root" repeated multiple times.
The worm arrives attached to an e-mail with a variable Subject and Message Body. It decides on the variable name and file extension by utilizing the user's email address and domain. This appeals to the user because it appears to be a personalized message. It exploits information about the user's email address and domain in the message, while enticing the user to open the message, ultimately infecting them.
The Subject line may be randomly generated or include one of the following:
hello
hi
error
status
test
report
delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error
The worm attempts to close windows with these names:
rctrl_renwnd32
ATH_Note
IEFrame
It also downloads and executes arbitrary files from the following domain:
www.aoprojecteden.org
CA urges users to update their anti-virus protection with the latest signatures.
Browse
related articles
Computer Associates raises threat assessment for new "mydoom" variant to high
- United Arab Emirates: Monday, February 28 - 2005 at 16:52
- PRESS RELEASE
Computer Associates, one of the world's largest management software companies, has raised the threat assessment for the Win32.Mydoom-AU (also known as Mydoom BB and Mydoom-AW) variant to high.
Also consider reading:
Digg
Facebook
LinkedIn
Twitter
Browse
related articles
Log in to request more information from CA (Computer Associates)
Notes and media contacts
CA has plans to expand its $1 billion annual EMEA revenues faster than the overall market by implementing a three-pronged growth strategy. In addition to its expansion in the SMB market, the strategy calls for deeper penetration of selected emerging markets such as the Middle East and Central and Eastern Europe and increased business with original equipment manufacturers (OEMs).CA's proposition to SMBs is its depth and breadth of software solutions that work together seamlessly and deliver total protection. The product portfolio includes BrightStor ARCserve Backup, eTrust Antivirus, Unicenter Desktop DNA and eTrust PestPatrol, all of the elements SMBs need to protect their IT investments.
Recently, Computer Associates announced the launch of direct operations in the Arab countries. CA's direct presence - compared with its previous engagement solely through partners - signals a clear change in the company's strategy towards Arab countries. The company has established its regional headquarters in Dubai Internet City in the UAE, and is currently finalizing the setup of offices at key locations throughout the region.
CA users in the Arab World include Emirates Bank International, Dubai Department of Civil Aviation, Etisalat Contact Center, Saudi Arabian Airlines, Abu Dhabi Oil Refining Company, Al Jubail Petrochemical, Bank of Beirut and the Royal Court Affairs in Oman
About CA
Computer Associates International, Inc. (NYSE:CA), one of the world's largest management software companies, delivers software and services across operations, security, storage, life cycle and service management to optimize the performance, reliability and efficiency of enterprise IT environments. Founded in 1976, CA is headquartered in Islandia, N.Y., and serves customers in more than 140 countries. For more information, please visit http://ca.com.
For other enquiries, please contact For Further Information:
Rasha Zeitoun
Telephone: + 971 4 3676511
Fax: + 971 4 3676510
For media contact:
Mohammed Kharroubi - ASDA'A Public Relations
Tel: 00-9714-3344550 Fax: 00-9714-3344556
© 2004 Computer Associates International, Inc.. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Posted by Lara Lynn Golden, News EditorMonday, February 28 - 2005 at 16:52 UAE local time (GMT+4)
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of AME Info FZ LLC / Emap Limited.
This article was updated on Sat Mar 26 2005.
Disclaimer:
Articles in this section are primarily provided directly by the companies appearing or PR agencies which are solely responsible for the content. The companies concerned may use the above content on their respective web sites provided they link back to http://www.ameinfo.com
Any opinions, advice, statements, offers or other information expressed in this section of the AMEinfo.com Web site are those of the authors and do not necessarily reflect the views of AME Info FZ LLC / Emap Limited. AME Info FZ LLC / Emap Limited is not responsible or liable for the content, accuracy or reliability of any material, advice, opinion or statement in this section of the AMEinfo.com Web site.
For details about submitting your stories, please read the guide - all content published is subject to our terms and conditions
It looks like you are using a Mac - check out our 
Web Feeds