Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable What You Should Know About the Mydoom Worm =20 Microsoft.com Home | Site Map=20 =20 =20 Search Microsoft.com for: =20 =20 =20 Security & Privacy Home =20 Trustworthy Computing =20 Home Users =20 IT Professionals (TechNet) =20 Developers (MSDN) =20 Businesses =20 Partners =20 Microsoft Privacy Policies =20 Worldwide Security Sites =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 Security & Privacy Home > Antivirus Information=20 =20 What You Should Know About the Mydoom Worm Published: January 27, 2004 =20 Why We Are Issuing This Alert W32/Mydoom@MM spreads through e-mail. This worm can disguise = the sender's address, a tactic known as spoofing, and may generate = e-mail messages that appear to have been sent by Microsoft. Many of the = addresses Mydoom uses are valid addresses that are being spoofed for = malicious purposes. Technical information about the virus is available from = antivirus vendors participating in the Microsoft Virus Information = Alliance (VIA). The Mydoom worm is also known by the names Novarg, = Shimg, and Mimail.R. If you ever receive a questionable e-mail message that = contains an attachment, do not open the attachment. If you cannot = confirm with the sender that the message is valid and that the = attachment is safe, delete the message immediately. If you receive a = questionable message that purports to be from Microsoft, you should be = aware that Microsoft never distributes software through e-mail. Affected Products=20 a.. Microsoft=AE Outlook=AE=20 b.. Microsoft Outlook Express=20 c.. Web-based e-mail programs=20 =20 How to Help Protect Against This Worm To avoid infection, you should block harmful attachments at = your Internet mail gateways. For this worm, block all attachments with = the .zip extension. Additionally, you should use the features in the = latest versions of Outlook and Outlook Express to block harmful = attachments. For Outlook 2000 and Outlook XP Outlook 2000 Service Pack 3 (SP3) and later and Outlook XP = SP1 include the most recent updates to improve the security in Outlook = and other Microsoft Office programs. This includes a feature that blocks = potentially harmful attachment types. This feature can be configured to = block zip file attachments but does not do so by default. a.. Get the latest Office product updates=20 By default, Outlook 2000 prior to Service Release 1 (SR1) = and Outlook 98 did not include this feature, but it can be obtained by = installing the Outlook E-Mail Security Update. a.. Get the Outlook E-Mail Security Update=20 For Outlook 2002 a.. Learn which attachment types are blocked in Outlook = 2002=20 For Outlook Express 6 Outlook Express 6 can be configured to block potentially = damaging attachments. a.. Learn about virus protection features in Outlook = Express 6=20 For Earlier Versions of Outlook Express Earlier versions of Outlook Express contain no = attachment-blocking features. Users of these products are strongly = encouraged to upgrade to the latest version and to use extreme caution = when opening unsolicited e-mail messages with attachments. For Web-Based E-Mail If you use Web-based e-mail, you should install a = third-party firewall to help protect your computer from this worm. What to Do If You Think Your Computer Is Infected 1.. If you think your computer is infected, first try = going to your antivirus software vendor's website to get the latest = updates. You might be able to update your virus definitions to detect = and remove the virus. Going forward, be sure to keep your virus = definitions current to avoid infection.=20 2.. If your computer has been infected and you need = technical assistance, contact your antivirus vendor or Microsoft Product = Support Services for help removing the worm.=20 a.. For Microsoft Product Support Services within the = United States and Canada, call toll-free (866) PCSAFETY (727-2338).=20 b.. For Microsoft Product Support Services outside the = United States and Canada, visit the Product Support Services Web page.=20 Get More Technical Details Get additional details on this worm from antivirus software = vendors participating in the Microsoft VIA: a.. McAfee=20 b.. Trend Micro=20 c.. Symantec=20 d.. Computer Associates=20 What the Severity Ratings Mean Critical. A vulnerability related to a Microsoft product has = been found, or an update is unavailable; two or more vectors of = infection are known; a new vector of infection is possible; the = distribution potential is high; unique data destruction can occur; and a = significant disruption of service has occurred. Moderate. A potential vulnerability related to a Microsoft = product has been found; two or fewer vectors of infection are known; a = new vector of infection is possible; the distribution potential is = medium to high; unique data destruction has not occurred; and = significant disruption of service has not occurred. Low. Vulnerabilities related to Microsoft product have not = been found; only one vector of infection is known; new vectors of = infection have not been found; the distribution potential is low; unique = data destruction has not occurred; and significant disruption of service = has not occurred. =20 Severity =20 =20 -------------------------------------------------------- =20 Impact of Attack a.. Mass mailing=20 =20 =20 =20 Related Links a.. Technical Virus Alerts=20 =20 =20 =20 Glossary Terms Click the term to get the definition from our = Security and Privacy Glossary. a.. spoof=20 b.. Trojan horse=20 c.. virus=20 d.. worm=20 =20 =20 =20 =20 =20 =20 Manage Your Profile |Contact Us |E-Mail This Page =A92004 Microsoft Corporation. All rights reserved. Terms of Use = |Privacy Statement=20 =20 To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk