A. Mydoom is a new email virus that spoofs the sender so that the message appears to have come from a friend or respected source. The email message can carry any of several subjects, including

  • hi
  • hello
  • HELLO
  • error
  • Mail Delivery System
  • Mail Transaction Failed
  • Server Report
  • status
  • test
  • Test
  • Server Request

The body of the message contains various phrases, including

  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
  • The message contains Unicode characters and has been sent as a binary attachment.
  • Mail transaction failed. Partial message is available.

The message always contains an attachment (e.g., a .zip, .exe, or .bat file). If the recipient opens the attachment, the virus creates some registry keys to ensure that it autostarts at reboot, then harvests email addresses so that it can mail itself to other people.

The virus includes a Denial of Service (DoS) attack on Microsoft and SCO that's scheduled to run on set dates. In addition, the virus opens port 3127 on the local machine to let the virus writers access and control infected machines. To avoid the spread of this virus, download up-to-date virus definition files and, as always, never open an unsolicited email attachment.