1/28/2004
04:06 PM

MyDoom Sequel Has A Twist

A new variant of the Internet worm is poised to launch a denial-of-service attack on Microsoft's Web site.

Antivirus and Internet security firms are warning of a new variant of the MyDoom worm, and this time the author has wired it to launch a denial-of-service attack not only against SCO Group Inc.'s Web site on Super Bowl Sunday, but against Microsoft.com as well.

The new variant, known as MyDoom.B, began to appear late Tuesday. Its threat level was raised by many antivirus companies from low risk to medium risk by Wednesday afternoon.

While MyDoom.B is similar to the earlier version--aside from its adding Microsoft to its denial-of-service list--it also attempts to block users from being able to access 65 Web sites run by antivirus and security companies, security firm iDefense Inc. says in an advisory.

iDefense's advisory also theorizes that the new version may be using computers infected with MyDoom.A to help itself spread.

The trend of virus writers tweaking viruses and worms to quickly produce new, more-destructive variants is gaining momentum. In the fall, the MiMail.c worm wreaked havoc on Internet users; it was largely based on the MiMail worm that appeared in August. And the Sobig worm, ranked before MyDoom as the most virulent Internet worm ever, packed a nasty one-two punch against computer systems in August and September.

The most dangerous aspect of this MyDoom outbreak, experts warn, is that many users, especially home and small-business users, may neglect to clean the Trojan horse that MyDoom inserts into infected systems. This Trojan horse could potentially be used by any hacker--not just the author or authors of MyDoom--to take control of infected systems. "The possibility exists that users will just update their antivirus signatures and not clean this off of their systems, exposing themselves and others to further attack," says John Pescatore, a research director at Gartner.

The MyDoom.B variant began striking just after antivirus firms had started to see a drop in activity surrounding MyDoom.A. According to Symantec Security Response, the submission level of MyDoom.A leveled at about 80 submissions every hour by early Wednesday, then nearly doubled to up to 140 submissions per hour by the afternoon.

Also, secure E-mail services provider MessageLabs is reporting that it has intercepted more than 3 million E-mails carrying the worm, but the infection rate had peaked Tuesday at one in every 12 E-mails the firm scans.

More advice on defending against MyDoom is available at our Security Pipeline.

Perhaps the best advice in thwarting MyDoom-style mass-mailer worms, aside from running antivirus software at the desktop and E-mail gateway, is ongoing user-awareness training.

One midsize manufacturing company said that it managed to avoid widespread infection by strictly adhering to solid E-mail security policies. But the few times infections got through proved frustrating, if not humorous. These were because of user gaffes, rather than security technology shortcomings. According to a security pro at the company, one employee called for IT support after she attempted to open an E-mail infected with MyDoom.A. She complained, "It didn't do anything after I clicked on the attachment the first or even second time."
