Juniper Networks

Signature Detail

Short Name

TROJAN:MYDOOM:MYDOOM-TROJAN

Severity

High

Recommended

No

Recommended Action

Drop

Category

TROJAN

Keywords

mydoom trojan backdoor virus attachment

Release Date

2004/01/28

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN: MyDoom Backdoor Communication


This signature detects the MyDoom backdoor Trojan. MyDoom sets up a listener on several TCP ports (80, 3127-3130). Upon receiving a specially formatted packet, MyDoom automatically executes whatever code it receives through its listening port. Users who are running SOCKS proxies on TCP port 1080 should be aware that MyDoom can send packets on this port, and should consider editing the attack object to reduce false positives.

Extended Description

MyDoom is a worm that infects vulnerable Windows operating systems. It propagates through e-mail using its own Simple Mail Transfer Protocol (SMTP) engine.

References

  • CVE: CVE-1999-0660
  • URL: http://www.f-secure.com/v-descs/novarg.shtml
  • URL: http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html
  • URL: http://us.mcafee.com/virusInfo/default.asp?id=mydoom

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.