Worm MyDoom.BQ

It has been observed that another variant of MyDoom worm known as MyDoom.BQ (Symentac) with aliases: Mytob-AU (Sophos), and mytob.eg (Trend Micro) is spreading in the wild rapidly. It is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. It also turns off anti virus applications, allows access to the computer using backdoor and can be controlled through the IRC Network. It gathers target email addresses from the Temporary Internet Files folder, Windows address book (WAB), as well as from files with certain extension names. It may also generate email addresses by using a list of names and any of the domain names of the previously gathered addresses.

For further details and instructions regarding disinfection refer to following URLs:

• http://secunia.com/virus_information/17859/mydoom.bq/
• http://www.trendmicro.com/vinfo/virusencyclo/
  default5.asp?VName=WORM%5FMYTOB%2EEG&VSect=P
• http://www.sophos.com/virusinfo/analyses/w32mytobau.html
• http://www.sarc.com/avcenter/venc/data/w32.mydoom.bq
  @mm.html

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91 11-24368572

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003