MyDoom.F Deletes Files, Adds RIAA to DDoS Targets

The newest version of MyDoom deletes Microsoft Word and Excel documents from a victim's hard drive, along with images and videos. MyDoom.F was discovered Feb. 20 and spread slowly at first, but is prompting increased warnings from security vendors as it begins to spread more widely.

Like its predecessors, MyDoom.F has its own SMTP engine and spreads through e-mail attachments, and is programmed to launch denial of service attacks on web sites. The DDoS component of MyDoom.F targets www.microsoft.com and www.riaa.com (the Recording Industry Association of America)

MyDoom.F also opens a backdoor on the victim's computer, using port 1080. Some analyses suggest that it also opens a backdoor on multiple ports between 3000 and 5000 and disables antivirus software.

Widespread awareness of MyDoom-related threats has focused fresh attention on the basics of e-mail security, particularly regarding the opening of attachments. That should work to check the spread of MyDoom.F, as will its more destructive payload, which makes it harder for the malware's activity to go unnoticed for very long on compromised machines.