============================================================

VIRUS ADVISORY: W32/Mydoom.ah@MM – Medium Risk

————————————————————

Current VirusScan users with DAT 4405 are protected from

this threat. Learn more about W32/Mydoom.ah@MM here:

http://us.mcafee.com/root/campaign.asp?cid=12640

FreeScan checks for W32/Mydoom.ah@MM.

Scan now:

http://us.mcafee.com/root/campaign.asp?cid=12641

============================================================

–> What is it?

W32/Mydoom.ah@MM is a Medium Risk mass-mailing worm that

exploits a “buffer overflow vulnerability” in Microsoft

Internet Explorer to spread from computer to computer using

stolen email addresses. Web links (e.g., “see my homepage”)

in the spam messages point to infected systems, which then

download the virus onto new victims’ machines. Unlike earlier

Mydoom variants, W32/Mydoom.ah@MM forwards no attachments.

Up-to-date McAfee VirusScan users with DAT 4405 are protected

from this threat. Note: McAfee also recommends regularly

updating your Windows operating system with the latest

security patches from Microsoft.

–> What should I look for?

FROM: Spoofed.

SUBJECT: Varies. Examples: hi!, hey!, Confirmation

BODY: Varies. Examples:

– Congratulations! PayPal has successfully charged $175 to

your credit card. To see details please click this link.

– Hi! I am looking for new friends. I am from Miami, FL. You

can see my homepage with my last webcam photos!

ATTACHMENT: None.

–> How do I know if I’ve been infected?

When run, the virus creates a file in the WINDOWS SYSTEM

(%WinDir%\system32) directory with a random filename that

ends in 32.exe.

–> How do I find out more?

View details about W32/Mydoom.ah@MM here.

http://us.mcafee.com/root/campaign.asp?cid=12640