As of Aug 16, 2004 12:10 AM (GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_RATOS.A. TrendLabs has received several infection reports indicating that this malware is spreading in Japan, Korea and the United States.
This worm spreads via email with the following details:
Message body: LOL!;))))
Upon execution, it drops a copy of itself as the following files:
(Note: %System% refers to the Windows system folder, which is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows 2000 and NT, and C:\Windows\System32 on Windows XP. Note: The Windows system folder is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows 2000 and NT, and C:\Windows\System32 on Windows XP.)
It downloads copies of a backdoor component file from several URLs and saves it as WINVPN32.EXE in the Windows folder.
This worm usually arrives UPX-compressed and runs on Windows 95, 98, ME, NT, 2000, and XP.
The latest version of the MyDoom worm spreads via
email disguises as a collection of funny photographs.
Find out more now and ensure you are protected.
The MyDoom-S worm arrives in an email with the following characteristics:
Subject line: photos
Message text: LOL!;))))
Attached file: photos_arc.exe