"MyDoom-D" worm poses no problem for Sophos users

February 11, 2004 Sophos Press Release

Sophos virus experts have reassured customers that they are already protected against the worm some anti-virus vendors are calling "MyDoom-D".

Sophos products can detect "MyDoom-D" using the W32/MyDoom-A update released on 27 January. MyDoom-D is only marginally different from the original MyDoom worm, replacing the text "Mail transaction failed" with "ROFL HELLO SAM HOWS UPZ".

"Some anti-virus vendors have had to release updates to protect against what they are calling MyDoom-D. However, this is only a very slightly altered version of the original MyDoom worm, and Sophos's anti-virus products pro-actively detect it without requiring additional updates," said Graham Cluley, senior technology consultant for Sophos. "The only real difference between the original MyDoom worm and this minor alteration is that some script kiddie has used a hex editor to shove a childish greeting inside the worm."

Sophos has published more information about the MyDoom worms