 |
 MyDoom worm is clogging Internet
January 27, 2004
The virus, dubbed MyDoom (also known as "Novarg"), was first confirmed at around 4 p.m. EST by technicians at Network Associates Inc., which produces and maintains the McAfee antivirus program. It said the virus affects all Microsoft Windows operating systems except for 3.x
The worm-type virus is contained in an innocuous-looking e-mail attachment and degrades performance on the computer and is spreading faster than Sobig-F, the most widespread email worm of 2003.
The icon used by the file tries to make it appear the attachment is a text file, according to Network Associates' notice. It then copies itself to the local system, then scans local computer for e-mail addresses and sends itself all of them.
Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or whatever stuff, typical for these type of mails. Instead, the message appears to be an error report stating that the message body can't be displayed and has instead been attached in a file.
"Because that sounds like a technical thing, people may be more apt to think it's legitimate and click on it," said Steve Trilling, Symantec's senior director of research.
The virus also appears to have a keystroke-logging capability, meaning that somebody can actually take over your PC and also opens TCP ports on infected machine, providing attackers with ability to remotely gain control over it.
The origin of the virus is not known yet, but it is supposed to have come from North America or Europe.
Last summer, SoBig quickly tied up e-mail systems and slowed down networks but did not damage computers or their data. It followed similar earlier attacks by viruses called LovSan and Blaster. Unlike them, MyDoom is supposed to launch the Denial of Service attack against www.sco.com Web site. On February, 1st the on each of the infiltrated machines, virus will create 64 process threads that will be sending GET requests to that Web site until February, 12th.
Advisories issued by antivirus and security companies suggest a remedy of disabling unnecessary network services, monitoring open ports and disallowing remote access on affected systems. At the present time, major vendors had already updated virus definitions to inch out the worm.
Microsoft also had offered a patch for its Outlook e-mail software to warn users before they open potentially dangerous attachments or prevent them from opening them altogether.
According to the security analysts claim that the virus will be spreading for a couple of days before it gets to the point at which it won't have any impact and expect the millions of infected e-mails sent around the world, and possibly hundreds of thousands of machines infected worldwide.
|
|
