TROJAN: MyDoom Backdoor Communication

This signature detects the MyDoom backdoor Trojan. MyDoom listens on several TCP ports (80, 3127-3130). Upon receiving a specially formatted packet, MyDoom automatically executes whatever code it receives through its listening port. Users who are running SOCKS proxies on TCP port 1080 should be aware that MyDoom can send packets on this port and should consider editing the attack object to reduce false positives.

Extended Description

MyDoom is a worm that infects vulnerable Windows operating systems. It propagates through e-mail using its own Simple Mail Transfer Protocol (SMTP) engine.

Short Name
TROJAN:MYDOOM:MYDOOM-TROJAN
Severity
Major
Recommended
False
Recommended Action
None
Category
TROJAN
Keywords
Backdoor CVE-1999-0660 Communication MyDoom
Release Date
01/29/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3324
Port
TCP/3127-3198
False Positive
Occasionally
CVSS Score

8.8
