[Dshield] Return of MyDoom?
Valdis.Kletnieks at vt.edu
Wed Apr 5 17:12:38 GMT 2006
On Tue, 04 Apr 2006 15:35:17 CDT, Laura Vance said:
> Has anyone else seen the return of the MyDoom worm? We hadn't seen
> anything for months, and now we've gotten over 100 since March 31st.
> They're all being blocked, and our virus scanner had updates to cover
> this new one (MyDoom.R) before it hit. It just seems odd for a strain
> that is so old to come back like this.
Most likely, some poor loser on a cablemodem somewhere in Suburbia
actually backed their system up several months ago, and just restored it
after they lost their disk. And now you're seeing where that machine had
an e-mail address at your site on the disk, so it's being targeted.
A quick check shows several hundred Mydoom per week here (stats for last week):
Breakdown by Virus Family:
5171 ZAFI (24.05%)
4872 NYXEM (22.66%)
2655 NETSKY (12.35%)
1461 MYTOB ( 6.79%)
1042 MYTOB-EI ( 4.85%)
579 MYTOB-FO ( 2.69%)
559 MYDOOM-AJ ( 2.6%)
338 MYTOB-BE ( 1.57%)
318 LOVGATE ( 1.48%)
307 MYDOOM ( 1.43%)
It's like Internet herpes - anti-viral products will suppress them, but not
totally prevent outbreaks. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20060405/ea33b1c7/attachment.bin
More information about the list