Panda Software Warn of the New R Variant of Mydoom

· The new TruPrevent Technologies, “The most intelligent technologies to combat unknown viruses and intruders,” have effectively detected and blocked this new variant of Mydoom, without needing to be able to identify it first
· Mydoom.R spreads via email in a message with the subject photos and an attachment called PHOTOS_ARC.EXE

Panda Software has detected the appearance of the R variant of the well-known Mydoom worm. This new version has started to spread and infect numerous users. The large number of incidents reported involving Mydoom.R has prompted Panda Software to declare an Amber Alert. Panda Software clients who already have the new TruPrevent Technologies installed have enjoyed preventive protection from this new virus, as they can detect and block it without needing to be able to identify it first (more information about the new TruPrevent Technologies at www.pandasoftware.com/truprevent).

Mydoom.R spreads via email in a message with the following characteristics:

Sender: Mydoom.R spoofs the address that appears as the sender of the message that carries out the infection. The names that can appear as the sender of the message are: adam, alex, alice, andrew, anna, bill, bob, brenda, brent, brian, claudia, dan, dave, david, debby, fred, george, helen, jack, james, jane, jerry, jim, jimmy, joe, john, jose, julie, kevin, leo, linda, maria, mary, matt, michael, mike, peter, ray, robert, sam, sandra, serg, smith, stan, steve, ted and tom.

The subject is “photos’ and the message body is “LOL!;))))’. The attachment is called “PHOTOS_ARC.EXE’, is 27 KB in size and written in version 6 of Visual C. When the user runs the infected file, the computer will be infected. Mydoom.R also looks for email addresses in files with certain extensions and sends a copy of itself to all the addresses it collects, therefore it could spread even more rapidly over the next few hours.

Luis Corrons, head of PandaLabs explains, “Mydoom.R, a new variant of the worm that emerged in January this year, is yet another attempt by virus authors to cause damage to users’ computers by tricking them with social engineering techniques. Mydoom.R sends a file that supposedly contains photos in order to trick the user into opening the file and infect as many computers as possible.”

In order to avoid falling victim to Mydoom.R, Panda Software advises users to take precautions and keep their antivirus software updated. The company has already made the updates to its products available to its clients to ensure their solutions can detect and eliminate this new malicious code.