This information obtained from...
The U. S. Department of Homeland Security
US Computer Emergency Readiness Team
MyDoom.B Rapidly Spreading
Mydoom.B is a new variant of the Mydoom worm and is about 29,184
bytes. This variant attempts to perform a Distributed Denial of
Service (DDoS) attack against Microsoft.com. Details regarding this
new worm are still emerging, but it has been validated as spreading in
the wild. Facts about the worm will be further qualified with follow
up reports following this initial analysis. <
Once activated, this virus will overwrite the HOSTS file located at
%WINDIR%\system32\drivers\etc\hosts.
At least one version of this worm has been observed to write the
following data to this file
127.0.0.1 localhost localhost.localdomain local lo
0.0.0.0 0.0.0.0
0.0.0.0 engine.awaps.net awaps.net www.awaps.netad.doubleclick.net
0.0.0.0 spd.atdmt.com atdmt.com click.atdmt.com clicks.atdmt.com
0.0.0.0 media.fastclick.net fastclick.net www.fastclick.net ad.fastclick.net
0.0.0.0 ads.fastclick.net banner.fastclick.net banners.fastclick.net
0.0.0.0 www.sophos.com sophos.com ftp.sophos.com f-secure.com www.f-secure.com
0.0.0.0 ftp.f-secure.com securityresponse.symantec.com
0.0.0.0 www.symantec.com symantec.com service1.symantec.com
0.0.0.0 liveupdate.symantec.com update.symantec.com updates.symantec.com
0.0.0.0 support.microsoft.com downloads.microsoft.com
0.0.0.0 download.microsoft.com windowsupdate.microsoft.com
0.0.0.0 office.microsoft.com msdn.microsoft.com go.microsoft.com
0.0.0.0 nai.com www.nai.com vil.nai.com secure.nai.com www.networkassociates.com
0.0.0.0 networkassociates.com avp.ru www.avp.ru www.kaspersky.ru
0.0.0.0 www.viruslist.ru viruslist.ru avp.ch www.avp.ch www.avp.com
0.0.0.0 avp.com us.mcafee.com mcafee.com www.mcafee.com dispatch.mcafee.com
0.0.0.0 download.mcafee.com mast.mcafee.com www.trendmicro.com
0.0.0.0 www3.ca.com ca.com www.ca.com www.my-etrust.com
0.0.0.0 my-etrust.com ar.atwola.com phx.corporate-ir.net
This will have the effect of making these sites unreachable for any
application that uses domain names, including most anti-virus update
programs, electronic mail, HTTP, and FTP.
© 2008; SpywareUninstaller.com Group Project; All Rights Reserved.