Though still relatively unknown, MyDoom.f is believed to be slowly spreading via infected e-mail attachments. As with its predecessors, this worm
launches an attack on websites designed to overwhelm the sites with data and cause them to become unavailable. This variant attacks both www.riaa.com
In addition to the denial of service attack on the RIAA and Microsoft, this virus also does the following damage to a computer:
1. Opens a backdoor on the machine, allowing an attacker full access to the computer..
2. Deletes files with the following extensions: .bmp, .jpg, .avi, .sav, .xls, .doc, .mdb. These are graphics/photo files, movie files, Microsoft
Access, Excel & Word documents, and saved game files.
3. Shuts down anti-virus programs such as Norton and McAfee.
As with the first MyDoom virus and its variants, MyDoom.f collects e-mail addresses on the infected computer and sends copies of itself with its own
mail engine. The email subject and message are varied, but the grammar in the messages has improved slightly from previous versions. This could lead
to more people opening the infected attachment, as it appears to be a more "valid" e-mail.
MyDoom.f was discovered late Thursday, 2/19/04.
The original MyDoom virus, which infected as many as 2 million computers and is called the biggest computer virus ever, was discovered on 1/26/04.