17 Feb A rose by any other name? Mydoom.bb? Aleks
15 Dec No holiday for Mydoom Costin Raiu
12 Nov Yet another Bofra variant Costin Raiu
10 Nov New Mydoom variants now called Bofra Aleks
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
The supposedly new version of Mydoom that is being discussed today is not new at all. We have been detecting it since July 26, 2004.
We detect the email worm some av vendors are calling version Mydoom.bb as Email-worm.Win32.Mydoom.m. The so-called new version is the same worm only only packed with a different packer - this time it was MEW, whereas in the summer it was UPX.
We've intercepted a few samples of a new Mydoom variant this morning.
Infected messages contain the texts "Mery Chrismas & Happy New Year! 2005 will be the beginning!" and "Happy New year and wish you good luck on next year!". So far it doesn't seem to be an outbreak, but we are monitoring it closely.
Detection has been made available with the latest antivirus database update as "Email-Worm.Win32.Mydoom.ad".
A new Bofra variant has been reported. We already detect it generically as "I-Worm.Bofra.gen". The new variant has a distribution node located at the following URL:
Just like we did with previous Bofra variants, we are talking to narod.ru adminstrators to take the site offline ASAP.
I-Worm.Mydoom.ad, which we detected yesterday, and its modification Mydoom.ae, which we detected today, have both been renamed in our antivirus databases as I-Worm.Bofra.a and .b.
These worms used the source code of Mydoom, but most virus analysts agree that they are actually a new family. And we agree with this opinion.
P.S. We have just detected another modification of this worm, which will be named I-Worm.Bofra.c.