Regarding the latest worm .. beware!

%(rem)I sent this message to several people in my addressbook. However, their ISPs see it as a virus. Very nice. :)%

Dear all,

You might have heard bits and pieces regarding the latest worm-series called “MyDoom” (not Avian-Flu). It comes to you via e-mail and it spreads very rapidly. Here’re the characteristics of the worm-infected e-mail you’ll need to look for:

Sender’s address:

bq.. random


Message header: (chosen at random from the following list)

bq.. test hi hello Mail Delivery System Mail Transaction Failed Server Report Status Error


Message body: (chosen at random from the following list)

bq.. test

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

sendmail daemon reported: Error #804 occured during SMTP session. Partial message has been received

The message contains Unicode characters and has been sent as a binary attachment.

This message contains MIME-encoded graphics and has been sent as a binary attachment.

Mail transaction failed. Partial message is available.


Attachment name: (may be one word from the list below, or two words from the list below joined by an underscore)

bq.. document readme doc text file data test message body


The attachment may have one of the following extensions:

bq.. pif scr exe cmd bat


The worm may also send messages with a meaningless selection of characters in the message head, message body or attachment name.

%(source) “Virus List”:

Keep your eyes open and watch out!


One OS to rule them all, One OS to find them, One OS to bring them all, and with its Greatness .. bind them.

“OS X” (Oh-Ess-Ten)

Update (4:13 PM)


Only a couple hours after I posted this entry, I’ve got my first MyDoom. But the hosting provider does a very good job of filtering out the intected file.

Bad thing: I’ll never have any new virus/worm in my collection then. :(