English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1
Latest posting
By rating
By popularity

Join our blog

You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.

Incidents|A rose by any other name? Mydoom.bb?

Aleks
Kaspersky Lab Expert
Posted February 17, 09:42  GMT
Tags: Mydoom
0
 

The supposedly new version of Mydoom that is being discussed today is not new at all. We have been detecting it since July 26, 2004.

We detect the email worm some av vendors are calling version Mydoom.bb as Email-worm.Win32.Mydoom.m. The so-called new version is the same worm only only packed with a different packer - this time it was MEW, whereas in the summer it was UPX.

Comment      Link

Virus Watch|No holiday for Mydoom

Costin Raiu
Kaspersky Lab Expert
Posted December 15, 07:07  GMT
Tags: Mydoom
0
 

We've intercepted a few samples of a new Mydoom variant this morning.

Infected messages contain the texts "Mery Chrismas & Happy New Year! 2005 will be the beginning!" and "Happy New year and wish you good luck on next year!". So far it doesn't seem to be an outbreak, but we are monitoring it closely.

Detection has been made available with the latest antivirus database update as "Email-Worm.Win32.Mydoom.ad".

Comment      Link

Virus Watch|Yet another Bofra variant

Costin Raiu
Kaspersky Lab Expert
Posted November 12, 12:39  GMT
Tags: Mydoom
0
 

A new Bofra variant has been reported. We already detect it generically as "I-Worm.Bofra.gen". The new variant has a distribution node located at the following URL:

http://kjh0.narod.ru/

Just like we did with previous Bofra variants, we are talking to narod.ru adminstrators to take the site offline ASAP.

Comment      Link

News|New Mydoom variants now called Bofra

Aleks
Kaspersky Lab Expert
Posted November 10, 15:22  GMT
Tags: Mydoom
0
 

I-Worm.Mydoom.ad, which we detected yesterday, and its modification Mydoom.ae, which we detected today, have both been renamed in our antivirus databases as I-Worm.Bofra.a and .b.

These worms used the source code of Mydoom, but most virus analysts agree that they are actually a new family. And we agree with this opinion.

  • I-Worm.Mydoom.ad is renamed as I-Worm.Bofra.b
  • I-Worm.Mydoom.ae is renamed as I-Worm.Bofra.a

    P.S. We have just detected another modification of this worm, which will be named I-Worm.Bofra.c.

  • Comment      Link