MA-067.022004: MyCERT Special Alert - W32.MyDoom.A@MM worm Infected Emails from Spoofed Email Address of MyCERTOriginal Issue Date: 6th February 2004
Lately we have been receiving feedbacks from Internet users saying that they are receiving the W32.Mydoom.A@MM worm infected emails coming from MyCERT's email address which is .
FYI, the W32.Mydoom.A@MM worm has the capability to spoof email addresses found in the infected machine's Address Book. The worm uses any of the email addresses found in the address book and use that address to send out infected emails with a copy of itself to others.
Detail on the W32.Mydoom.A@mm worm is available at:
One need to analyze the full header of the infected email received and check on the originating IP address of the email. The originating IP address in the full header indicates the actual infected machine.
To understand and to retrieve a full header, please refer at:
Thus, we advise users who receive worm infected emails coming from MyCERT's Email address please ignore it and do not misunderstand that MyCERT's machine has been infected with the W32.Mydoom.A@mm worm.
MyCERT advise users to forward the full header of the infected email for our analysis so we can inform the infected party accordingly.
MyCERT can be reached for further assistance at: