Feb 26 2004

MyDoom.F

Published by Martin at 8:48 am under Malware

The latest iteration of the MyDoom virus is starting to live up to it’s name; they virus starts deleting Excel and Word documents as well as various picture files. I can imagine the cries of pain out there, “Oh no! The virus ate all my pr0n! And my my work files too.” Here are a couple of links to the antivirus sites, and the signature I’m using in Snort. By the way, this signature came from the Snort-signatures mail list, but I already deleted the email, so I can’t give proper credit to the author.

Virus Analysis:
Trend Micro
McAffee Antivirus
Symantec Antivirus

Snort MyDoom.F Signature
alert tcp any any -> any any (msg:”Virus - MyDoom.F Worm”;content:”gICAgICAgICAgICAgICAgICAg”;content:”|57 69 6E 64 6F 77 73 2D 31 32 35 32|”;classtype:misc-attack; rev:1;)

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

2 Responses to “MyDoom.F”

  1. # Bowulf Infosec & Weightloss Blogon 27 Feb 2004 at 5:26 am

    MyDoom.F deleting work and pr0n - Using Snort to “protect” one’s pr0n

    Martin McKeay’s Network Security Blog: MyDoom.F”Oh no! The virus ate all my pr0n! And my my work files too.” Here are a couple of links to the antivirus sites, and the signature I’m using in Snort. By the way, this…

  2. # Bowulf Infosec & Network Admin Blogon 27 Feb 2004 at 5:47 am

    MyDoom.F deleting work and pr0n - Using Snort to “protect” one’s pr0n

    Martin McKeay’s Network Security Blog: MyDoom.F”Oh no! The virus ate all my pr0n! And my my work files too.” Here are a couple of links to the antivirus sites, and the signature I’m using in Snort. By the way, this…

Trackback URI |