MyDoom: Brace yourself
2004-01-30 12:14
Washington - Computer users and security experts are battling to curb the spread of the MyDoom worm amid concerns of serious after-effects from the worst internet epidemic thus far.
The original MyDoom bug was still propagating worldwide along with a variant called MyDoom.B.
"This is the fastest spreading worm in internet history. It's apparent to us that even with the broad media and industry attention, e-mail users will continue to fall victim to the worm," said Scott Chasin, chief technology officer at MX Logic, a US-based security firm.
"At this point, we still have not seen the peak of the worm's infection. It will be interesting to see what happens over the next few days, especially after the first of February when the worm is expected to execute its denial-of-service payload."
'Success'
Part of MyDoom's "success" is that it - unlike many earlier bugs - poses as an error note with the main text message attached, prompting users to open the attachment to read it, thereby inadvertently launching the virus.
California-based Panda Software said MyDoom.A was still spreading rapidly, even though individual computer users may be seeing fewer infected e-mails.
It said one in every five e-mails was carrying the worm, which puts four million infected e-mails in circulation.
"MyDoom.A is not reaching higher rates because of the security measures that companies have adopted after being infected," explained Luis Corrons, director of PandaLabs. "But it isn't stopping either, as it is now attacking companies without protection that survived the first wave of infected messages."
Mikko Hyppoenen, of the Finnish anti-virus firm F-Secure, told AFP that "over 40% of the internet traffic now consists of infected e-mails generated by the first MyDoom virus, and it's still spreading."
The MyDoom bugs are worms, a subgroup of computer viruses characterised by the fact that they spread independently through e-mail, Hyppoenen said.
The Russian security firm Kaspersky Lab said on Thursday that MyDoom.B was being propagated by the 600 000 or so computers that were infected by MyDoom.A.
The new MyDoom strain, detected on Wednesday, was designed to prevent infected computers from reaching anti-virus software sites for fixes.
Flaws
But analysts said MyDoom.B was not nearly as virulent as initially thought, possibly due to programming flaws.
"It's in the wild, but it's not spreading nearly as high as everybody expected," Hyppoenen noted.
"Our best bet is that there are some bugs in the virus' computer code that we have not been able to find yet."
Experts said they were expecting a new version of the MyDoom worm to appear at any time, correcting the flaws of the latest versions.
"It's quite likely that we will have a new version soon, there is nothing holding the creator back, especially since the B version did not turn out to be that successful," Hyppoenen said.