Novell is now a part of Micro Focus

BorderManager Defeats MyDoom.M Worm

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 29 Jul 2004

The recent MyDoom.M mail virus, tricked thousands of computer users into spreading a flood of bogus e-mail messages. Internet search sites such as Google, Lycos, Yahoo, and AltaVista were knocked off line for several hours.

There was a silver lining to this cloud for Novell and its engineering teams, however. When other mail servers couldn't defend themselves against the MyDoom virus, Novell BorderManager 3.7 and 3.8 mail proxies spared a number of customers and clients from this attack.

Recognizing and Dealing with MyDoom.M

The MyDoom virus is a mass-mailing worm. Its e-mails typically appear with the following characteristics ( represents the recipient's domain name):

From: (spoofed)
Examples :
[Spoofed to appear as though it is coming from a valid address at the recipient's domain]

Subject (varies) examples : Mail System Error - Returned Mail Returned mail: see transcript for details

Mail Body (varies)
[Your email account was used to send a huge amount of unsolicited email messages during this week. Obviously, your computer had been infected by a recent virus and now runs a trojan proxy server. We recommend you to follow our instruction in order to keep your computer safe.

Sincerely yours,
The support team.]

Attachment (varies) examples

Do NOT run the attached .zip file, as that will spread the virus. Instead, delete that type of e-mail from both your mailbox and the trash.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates