Now this one caught my attention!
http://news.com.com/New+MyDoom+draws+on+IE+flaw+to+spread/2100-7349_3-5443828.html?tag=nefd.top
Instead of relying on an external (compromised) web server, the new version of Mydoom, detected as Mydoom.AG or .AH, sets up a web server on the infected system and points other systems back at itself by means of the infected viral email it sends!
The fact that the virus creates a Web server and uses that server to infect other systems is a significant departure from previous versions of MyDoom, and other viruses in general, Schmugar said. - Craig Schmugar @ McAfee
It should now be easier to see whose PC infected you, as I would imagine. Just resolve the IP address of the webservers it's pointing you to. It might take some working out who exactly it is, but it's better than those anonymous spoofed 'from' fields.
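One way to do what the paragraph above suggests, as an added example that is not part of the original post: pull the links out of a suspicious mail and keep those whose host is a bare IP address, which here would be the infected PC serving the page. The sample message, its addresses and the port are constructed, and `ip_literal_links` and `reverse_name` are names chosen for this example.

```python
import email
import ipaddress
import re
import socket
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample, not a real Mydoom mail. 192.0.2.0/24 is a documentation
# range and port 8080 is made up for the example.
SAMPLE = """\
From: "Spoofed Sender" <someone@example.com>
To: victim@example.org
Subject: hi
Content-Type: text/html; charset="us-ascii"

Click <a href="http://192.0.2.57:8080/index.htm">here</a>.
Unrelated: <a href="http://www.example.com/news">news</a>
"""

def ip_literal_links(raw_message):
    """Return sorted (ip, port) pairs for every link whose host is a bare IP."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        for url in URL_RE.findall(part.get_content()):
            try:
                parts = urlsplit(url)
                ip = ipaddress.ip_address(parts.hostname or "")
                port = parts.port or (443 if parts.scheme == "https" else 80)
            except ValueError:
                continue  # host is a DNS name, or the URL/port is malformed
            found.add((str(ip), port))
    return sorted(found)

def reverse_name(ip):
    """Best-effort PTR lookup; None when there is no record or no network."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

if __name__ == "__main__":
    for ip, port in ip_literal_links(SAMPLE):
        print(f"{ip}:{port} -> {reverse_name(ip) or 'no PTR record'}")
```

The PTR name usually identifies only the ISP or network block, so the address and the mail's timestamp are what you hand to that network's abuse contact.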
The new Mydoom uses the recently discovered IFRAME buffer overflow vulnerability in IE.
McAfee:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631
Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ah@mm.html
Posted on Tuesday, November 09, 2004 9:24 AM