New MyDoom Uses Password Porn Access Promise

The MyDoom bug was already a pain in the byte without this: a new variant is believed to be spreading by promising access to password-protected adult Websites, then harvesting e-mail addresses from your machine once you're fool enough to fall for the promise.

Internet security and antivirus firm F-Secure said the porn-promising MyDoom variant, known as MyDoom.AI or I-Worm.MyDoom.AE, was spotted January 15. The new variant leaves behind a Trojan horse that lets hackers control a compromised machine from anywhere.

The new MyDoom also tries spreading itself through peer-to-peer file-swapping networks, F-Secure said.

"Like previous MyDooms, the latest variant arrives in an email with various types of messages, with exe, scr or pif attachments or a Zip file attachment," the company said in a formal announcement. "Some mails arrive containing sexually explicit images and claim that the attachment contains passwords for adult Websites, relying on one of the simplest social engineering tricks to try and get readers to click on the infected attachment."

Infected emails also masquerade as returned emails with the attachment described as a partially recovered message or as converted Unicode or ASCII text, F-Secure added.
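A mail gateway can screen for the delivery pattern F-Secure describes by checking attachment names, including the members of a Zip attachment. The sketch below is an added example, not code from F-Secure or the article; the function names, addresses and sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions named in the F-Secure announcement quoted above.
RISKY_EXTS = (".exe", ".scr", ".pif")

def _is_risky(name):
    # Windows ignores trailing dots and spaces, so strip them before matching.
    return name.lower().rstrip(". ").endswith(RISKY_EXTS)

def risky_attachments(raw):
    """Return the names of attachments, or Zip members, with a risky extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _is_risky(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [f"{name}!{m}" for m in zf.namelist() if _is_risky(m)]
            except zipfile.BadZipFile:
                # An archive that cannot be inspected is flagged, not passed.
                hits.append(f"{name}!<unreadable zip>")
    return hits

def build_sample(filename, payload):
    """Constructed test message; the attachment is harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def zip_bytes(member):
    """Build an in-memory Zip holding one placeholder member (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()
```

Matching on the final extension also catches double-extension names such as a text-looking file that really ends in .pif.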

MyDoom.AI/I-Worm.MyDoom.AE is the 35th variant of the bug since its original code first surfaced in February 2004, eleven months ago, making MyDoom one of the most popular choices for virus writers.

The new, porn-teasing MyDoom variant was discovered just days after other security experts uncovered a mass e-mail worm, Wurmark-D (W32/Wurmark-D), offering a porn photograph as a Happy New Year greeting.

The unwitting e-mail recipient who opened the attachment to that message's benign-looking New Year's greeting got a nude awakening, according to security/antivirus firm Sophos: Wurmark would launch and start by showing graphic images of naked men and women contorting to form HAPPY NEW YEAR, at which point the worm installed itself deep in the affected computer and began to forward itself.

"Once activated, this worm will harvest your computer hunting for other email addresses to send itself to, and try and turn off antivirus software," said Sophos senior technology consultant Graham Cluley in a statement. "Anyone who forgets to exercise caution before running this unsolicited email attachment could be in for a rude awakening."