The W32.Mydoom.G@mm worm:

Is a mass-mailing worm that opens a backdoor on TCP ports 80 and 1080
Can download and execute arbitrary files
Performs a Denial of Service (DoS) against www.symantec.com.

The worm arrives as an attachment with the file extension .bat, .com, .cmd, .exe, .pif, .scr, or .zip. The From: line of the email may be spoofed.

Also Known As: W32/Mydoom.g@MM [McAfee]

Type: Worm
Infection Length: approx 20 KB

When W32.Mydoom.G@mm is executed, it does the following:


Creates a mutex, "<string>theta," where <string> is a function of an infected computer's name. This allows only one instance of the worm to execute in memory.


May create a file in the %Temp% folder that contains randomly generated data. The worm opens the file with Notepad.exe.

Read more:http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.g@mm.html