Computer Security Wiki
  • Email-Worm.Win32.Mydoom.a (Kaspersky Lab)
  • W32/Mydoom.a@MM (McAfee)
  • W32.Mydoom.A@mm (Symantec)
  • Win32.HLLM.MyDoom (Doctor Web)
  • W32/MyDoom-A (Sophos)
  • Win32/Mydoom.A@mm (RAV)
  • WORM_MYDOOM.A (Trend Micro)
  • Worm/Mydoom.A (Avira)
  • W32/Mydoom.A@mm (FRISK)
  • Win32:Mydoom (ALWIL)
  • I-Worm/Mydoom.A (AVG)
  • Win32.Novarg.A@mm (SOFTWIN)
  • Worm.SCO.A (ClamAV)
  • W32/Mydoom.A.worm (Panda)
  • Win32/Mydoom.A (Eset)
Type Worm
Affected platform/s Microsoft Windows

Mydoom (also known as Novarg) is a computer worm affecting Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm. This worm spreads via the Internet in the form of files attached to infected messages. It also spreads via the file sharing network Kazaa. The worm itself is a Windows PE EXE file of 22528 bytes, compressed using UPX. The decompressed file is approximately 40KB in size.

The worm is activated only if the user opens the archive and launches the infected file by double-clicking on the attachment. The worm then installs itself in the system and starts the replication process.

The worm contains a backdoor function, and is also programmed to carry out DoS attacks on the site on 1st February 2004.

Part of the body of the worm is encrypted.[1]


External links[]