More on MyDoom. The worm gets smarter.
A new, nastier variant of the MyDoom worm has been released and is beginning to spread across the Internet, according to antivirus experts.
This worm, as noted before, attacks SCO.com (which is already down) and Microsoft.com. However, this new variant changes system files to block antivirus websites from sending virus updates. This is a smart, devious program written by a pro who knew exactly what he was doing.
I just noticed my spam catcher, CloudMark Spam Net, is now flagging the worm as spam and putting in the spam folder so I never see it. This is good! What is not so good is the virus is now, and I think this is new behavior, sending itself to made-up names.
For example, the only valid email address at polizeros is bob at polizeros. However the worm is now sending itself to brenda, brian, brent, etc. at polizeros.com. This is a spammer trick, sending email to zillions of made up addresses on the theory that some will end up being real. And I was getting all of them, because my email setting was to accept all mail to polizeros.
So, I changed my email settings on the server so any email not specifically to me is deleted at the server. If you know how to make such changes, I suggest you do so too.