MyDoom linked to spam mail
2004-01-30 15:11
Moscow - Russia is 80% likely to be the origin of the MyDoom computer worm, which has become the worst ever Internet epidemic, and could be an attempt to distribute spam mail, a top Russian anti-virus firm said on Friday.
The Russian security firm Kaspersky Labs said it had traced the first emails infected with MyDoom to addresses with Russian Internet providers.
"We have special software to monitor Internet traffic across the world. This detected that the first emails infected by the worm came from Russian providers," the firm's spokesperson Denis Zenkin, said.
"But there is a still a 20% chance that this was an attempt to mislead. Virus programmers from other countries could have registered an email address in Russia and transmitted their harmful programmes via it," he added.
Microsoft and SCO, the owner of the Unix operating system, have together offered $450 000 in rewards for information leading to the arrest and prosecution of MyDoom's creators.
"This worm is a criminal attack," said Brad Smith, senior vice president and general counsel at the Microsoft software giant.
MyDoom.B, detected on Wednesday, is a variant of the earlier released MyDoom.A worm, also known as the Novarg worm, which became the worst epidemic on the Internet. It installs a programme that directs infected computers to launch so-called denial-of-service attacks on Microsoft's main corporate website.
MyDoom spreads through e-mail attachments and downloads from the popular Kazaa file-sharing service, which lets Internet surfers share content such as games, movies and music.
California-based Panda Software said MyDoom.A was still spreading rapidly, even though individual computer users may be seeing fewer infected e-mails.
It said one in every five e-mails is carrying this worm, making four million infected e-mails in circulation and slowing down Internet traffic around the world.
An expert from Kaspersky Labs, Alexander Gostiyev, told a press conference in Moscow that the creators of the virus were not aiming to disrupt Internet traffic but use infected computers to distribute unsolicited junk mail.
The attack "was very well planned and prepared, perhaps for several months and at least 1 000 computers were infected in advance," Gostiyev said.