ZyWALL IDP 10 User’s Guide
Appendix A Introduction to Intrusions
MyDoom
MyDoom, or W32.Mydoom.A@mm (also known as W32.Novarg.A), is a mass-mailing worm
that arrives as an attachment with the file extension bat, cmd, exe, pif, scr, or zip. When a
computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127
through 3198, which can potentially allow an attacker to connect to the computer and use it as
a proxy to gain access to its network resources. In addition, the backdoor can download and
execute arbitrary files. Systems affected are Windows 2000, Windows 95, Windows 98,
Windows Me, Windows NT, Windows Server 2003 and Windows XP. Systems not affected
are DOS, Linux, Macintosh, OS/2, UNIX and Windows 3.x.
W32/MyDoom-A is a worm that spreads by email. When the infected attachment is launched,
the worm gathers e-mail addresses from address books and from files with the following
extensions: WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL. W32/MyDoom-A
creates a file called Message in the temp folder and runs Notepad to display the contents,
which are random characters. W32/MyDoom-A puts randomly chosen email addresses in the
"To:" and "From:" fields and uses a randomly chosen subject line.
Attachment filenames are body, data, doc, document, file, message, readme, test, or a random
collection of characters. Attached files will have an extension of BAT, CMD, EXE, PIF, SCR or ZIP.
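The indicators described above (a listener on TCP 3127 through 3198, and the attachment names and extensions) can be checked as follows. This is an added example, not part of the ZyWALL guide; the function names, the severity labels and the sample netstat output and filenames are constructed for illustration.

```python
import re

# Indicators taken from the description above.
BACKDOOR_PORTS = range(3127, 3199)          # TCP 3127 through 3198 inclusive
ATTACH_EXTS = {"bat", "cmd", "exe", "pif", "scr", "zip"}
ATTACH_NAMES = {"body", "data", "doc", "document", "file",
                "message", "readme", "test"}

# Matches a Windows `netstat -an` TCP row: proto, local addr:port, remote, state.
NETSTAT_ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+(\w+)\s*$", re.I)


def backdoor_listeners(netstat_text):
    """Return sorted local TCP ports in the backdoor range that are LISTENING.
    ESTABLISHED rows are skipped: an outbound connection can legitimately use
    an ephemeral local port that happens to fall inside the range."""
    ports = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m and m.group(2).upper() == "LISTENING" and int(m.group(1)) in BACKDOOR_PORTS:
            ports.add(int(m.group(1)))
    return sorted(ports)


def classify_attachment(filename):
    """'high' = listed name and listed extension; 'medium' = listed extension
    only (covers the random-character names, but is noisy); None = no match."""
    stem, dot, ext = filename.strip().lower().rpartition(".")
    if not dot or ext not in ATTACH_EXTS:
        return None
    return "high" if stem in ATTACH_NAMES else "medium"


# Constructed sample data, not captured from a real host or mailbox.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3150        198.51.100.7:80        ESTABLISHED
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
"""
SAMPLE_ATTACHMENTS = ["Document.PIF", "qwxzrt.scr", "report.pdf", "readme"]

if __name__ == "__main__":
    print("listening in backdoor range:", backdoor_listeners(SAMPLE_NETSTAT))
    for name in SAMPLE_ATTACHMENTS:
        print(name, "->", classify_attachment(name))
```

A listener in the range is only a lead: confirm which process owns the port before treating the host as infected.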