New variant of MyDoom virus strikes again, major search engines slowed
July 27, 2004
The now infamous MyDoom virus returned on Monday, this time as MyDoom-O (also known as MyDoom.M and MyDoom.M@mm), the 15th variant of the original MyDoom worm, which ravaged the Internet in January. The new worm differs little from its predecessors in most of its behaviors and characteristics. Its one distinguishing feature is that it uses search engines to find new victims to infect. This may have been the cause of the delays that hit most of the popular search engines on Monday, including Google, AltaVista and Yahoo.
Once the worm infects a machine, it searches the PC for e-mail addresses and then begins mailing itself out. But it also uses the search engines to find other valid e-mail addresses in the same domains as the ones it finds on the infected machine.
W32/MyDoom-O is a mass-mailing worm which spreads by e-mailing itself via its own SMTP engine. The worm also allows unauthorized remote access to the computer via a network. It copies itself to the Windows folder as java.exe and drops its backdoor component as the file services.exe in the same folder.
The worm attempts to fool users into opening the infected attachment by including a message that informs them that their PCs have been sending out large amounts of spam recently and may be hosting a spam proxy.
Security experts are unsure how many systems were infected with the MyDoom variant. However, e-mail security services firm MessageLabs reported intercepting nearly 600,000 infected e-mails in roughly 24 hours ending Tuesday morning. Infections seem to have slowed down since then, the company says.
"If your computer were infected and launching these (DoS) attacks you might not know it," said Computer Associates security expert Sam Curry. "It would probably become a little sluggish, and that underscores why users should keep up to date on keeping their computers secure," he added.
Users need to be aware of the weaknesses in their systems at all times, Curry says - not just during the frenzy of outbreaks. "Just because the return address looks like it came from a friend doesn't make it safe," he noted. The capabilities of worms should be expected to increase. "Look at the Sasser worm," Curry said. "It could infect a computer without even opening an attachment. Users need to be ahead of the game."
PC users are advised to regularly update their antivirus software, install a firewall to protect network traffic and visit Microsoft's Windows Update Service.