As of February 16, 2005, 05:31 PM (GMT - 08:00, Pacific Standard Time) TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_MYDOOM.BB.
Trendlabs received numerous infection reports indicating that this malware is spreading in Singapore and U.S. This worm was previously detected as WORM_MYDOOM.M.
It has very similar characteristics as with WORM_MYDOOM.M. However, this new MYDOOM worm comes compressed with MEW compression tool, whereas WORM_MYDOOM.M is compressed using UPX.
Like earlier MYDOOM variants, this worm spreads via email through SMTP (Simple Mail Transfer Protocol), gathering target recipients from the Windows Address Book, the Temporary Internet Files folder, and certain fixed drives. It uses social engineering techniques by sending out email messages with a spoofed sender's name and poses as a failure delivery notification. The email message it sends has varying subjects, message bodies, and attachment file names.