Well, it looks like Symantec added protection for the strain that I reported here on Friday. The Dat file that protection was added appears to be the 18 Feb 2005 Dat file. Actual name of the strain found was W32.Mydoom.AZ@mm (Symantec's naming) or W32/Mydoom.bd@mm!zip (McAfee's naming). Protection must have been added after I went home. I notice that Postini (which uses McAfee's AV) started catching emails with the virus around 5:21 PM PST.
So this is just another reminder how even the best antivirus protection is not absolute. This virus made it through 2 zones of protection by 2 different AV vendors on Friday. And to boot, because the message looked like an email failure, it got me to open and activate the payload. Not the smartest thing I've ever done, but luckily the damage that this particular virus does is minimal.
Next time I don't expect to be so lucky and will have to be a bit more vigilant.
Recent Comments