

MyDoom


EVRT™ Virus Warning issued for Worm/MyDoom

Name: Worm/MyDoom
Alias: W32.MyDoom@mm
Type: Internet Worm
Discovered: January 26, 2004
Size: 22.528KB
Platform: Windows 95/98/Me/NT/2000/XP


Description:

Worm/MyDoom is an Internet worm that has been seen spreading
through email. The worm is currently under further analysis.

The worm arrives through e-mail in the following format:

Subject: <varies - some observed subjects include>

- Test
- test
- Status

Body: <varies - some observed body messages include>

- The message cannot be represented in 7-bit ASCII encoding and has been
sent as a binary attachment.
- Mail transaction failed. Partial message is available.
- test

Attachment: <varies - some observed attachments include>

- document.zip
- document.pif
- doc.scr
- message.pif
- readme.exe
- file.zip
- message.zip
- oia.zip
- text.zip
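
Because the subject, body and attachment name all vary, a mail filter is better keyed on the attachment's type than on any single name. The following is an added example, not part of the original advisory: it flags attachments with the executable extensions seen above and the archive names listed above. The function names, addresses and sample messages are constructed for illustration.

```python
# Added example: flag mail attachments matching the advisory's observed indicators.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names listed in the advisory (the worm varies them, so not exhaustive).
OBSERVED_NAMES = {
    "document.zip", "document.pif", "doc.scr", "message.pif", "readme.exe",
    "file.zip", "message.zip", "oia.zip", "text.zip",
}
# Directly executable extensions among the observed names.
EXECUTABLE_EXTS = (".pif", ".scr", ".exe")


def triage(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each suspicious attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts carry no filename
        norm = name.strip().lower()  # Windows file names are case-insensitive
        if norm.endswith(EXECUTABLE_EXTS):
            findings.append((name, "executable extension"))
        elif norm in OBSERVED_NAMES:
            findings.append((name, "name observed in advisory"))
    return findings


def build_sample(filename: str) -> bytes:
    """Constructed test message using a subject and body quoted in the advisory."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # placeholder address
    m["To"] = "user@example.com"       # placeholder address
    m["Subject"] = "Status"
    m.set_content("Mail transaction failed. Partial message is available.")
    m.add_attachment(b"placeholder bytes, not malware", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("Message.PIF", "oia.zip", "report.txt"):
        print(fn, triage(build_sample(fn)))
```

The extension check catches renamed copies that the name list would miss; the name list only covers the .zip archives, whose contents this sketch does not inspect.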

If executed, the worm first opens a Notepad window
containing garbage text.

Then, it will copy itself in the \windows\%system% directory
under the filename "taskmon.exe".

So that it runs each time a user restarts their computer,
it adds the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
TaskMon=C:\Windows\System\taskmon.exe