FBI tackles new virus
2004-01-28 07:41
Washington - The FBI said on Tuesday it was launching a probe into the MyDoom internet virus that was clogging computer networks around the world.
"We are aware of it and we are actively investigating," FBI spokesperson Paul Bresson said.
The FBI last year arrested at least two people believed responsible for the "Blaster" virus that created havoc on the internet and have been hunting for authors of the SoBig worm, which paralysed some portions of the internet last year.
For the new virus, Bresson said, "We have not done a full assessment, but it's serious enough to warrant the FBI to look into this."
Fastest-speading
Some analysts were comparing the new virus to SoBig and said it could be the fastest-speading worm thus far.
"Initial indications are that MyDoom is propagating as fast as SoBig.F," said Scott Chasin, chief technology officer at US-based security firm MX Logic.
The company has seen a peak at 1 200 infected e-mails per second, making it a "critical threat", according to a statement from MX Logic.
Some analysts said users were opening the attachments and spreading the virus because the e-mails appeared innocuous, sometimes referring to failed mail deliveries.
The New York-based security firm MessageLabs said it intercepted some 1.8 million copies of the virus.
MessageLabs marketing chief Brian Czarny said it was unclear how many copies of the virus were sent, but that the impact was similar to that of the SoBig worm last August.
This virus was found in one of every 12 e-mails, while SoBig was one in every 17," he said.
Prepared
While both viruses clogged networks and e-mail servers, Czarny said network administrators appeared more prepared now to cope with the worm.
As for the motive of the virus creators, Czarny said it could be an effort to deliver a flood of spam, or unwanted e-mails, in an effort to generate profits, or it could be an "ideological" attack to promote free or "open-source" software systems.
The new bug was first spotted on Monday and had infected hundreds of thousands of computers around the world by Tuesday morning, said Mikael Albrecht of the Finnish virus security firm F-Secure.
"It's a traditional e-mail worm that spreads very rapidly, also through the content of the Kazaa peer-to-peer network," Albrecht said.
Kazaa is a popular file-sharing service that lets internet surfers share content such as games, movies and music with each other for free.
Bounty
The bug also uses the e-mail addresses stored on infected computers to replicate itself and spread further, Albrecht pointed out.
Its main purpose, he said, is to attack and overload the website of one of the world's biggest vendors of the Unix operating system, a competitor to Microsoft Windows.
The bug's secondary function is to provide its author with a "back door" to the infected computers to control them remotely, possibly to co-ordinate an attack, analysts said.
Meanwhile, the apparent target of the virus, Unix operating system owner SCO Group, said it was offering a $250 000 reward for information leading to the arrest and prosecution of the virus creators.