Fortinet Fights MyDoom

Fortinet protects against latest MyDoom variant

November 11, 2004

1 Min Read

SUNNYVALE, Calif. -- Fortinet - the confirmed market leader in Unified Threat Management and only provider of ASIC-accelerated, network-based antivirus firewall systems for real-time network protection - today announced that its FortiGateT systems protect against the latest MyDoom worm variant, W32/Mydoom.AH-mm, also known as Bofra B. The latest MyDoom variant, which is similar to the previous MyDoom worm named W32/Mydoom.AG-mm and also known as W32/Bofra.C, uses the same infection vector targeting pre-Windows XP Service Pack 2 machines, including machines running general Microsoft Windows and systems offering TCP services.

W32/Mydoom.AH-mm is a mass-mailing worm that implements a Microsoft Internet Explorer IFRAME buffer overflow vulnerability. The worm sends an email to targets, including a hyperlink to the infected system. If recipients of the message follow the hyperlink, the infected system then delivers exploited HTML content, downloads a copy of the virus to the target's machine and runs the virus. Fortinet currently rates the latest MyDoom variant a Level One worm, but notes it has the potential to be a higher threat in the future.

Fortinet issued the following new signatures to help block the buffer overflow by the latest MyDoom variant:

103022610 IE.IFRAME.BufferOverflow.A
103022611 IE.IFRAME.BufferOverflow.B
103022612 IE.IFRAME.BufferOverflow.C
103022613 IE.IFRAME.BufferOverflow.D


Fortinet Inc.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like