New MyDoom Email Virus Reported

Anti-virus vendors report a false email is being used to distribute a new virus. The infected email includes a link to an infected Web server. Clicking on the link will exploit an Internet Explorer buffer overflow vulnerability. According to initial reports, there is no specific Microsoft patch for this Internet Explorer vulnerability at this time; however, computers using Windows XP with Service Pack 2 applied are not vulnerable to this exploit. Vulnerable operating systems include but may not be limited to Windows XP/Service Pack 1 and Windows 2000.

The infected message originates from a spoofed email address and may have a subject line of hi, hey, hello, funny photos, confirmation or be blank. The email message may contain text about a false PayPal transaction or ask you to click on a link to view a web camera or adult content.

Users are advised NOT to click on the Web link and, instead, delete the message. Users are also advised to download the latest update from their anti-virus vendor.

More information: http://vil.nai.com/vil/content/v_129631.htm http://www.kb.cert.org/vuls/id/842160