11:13 AM
Connect Directly
Repost This

MyDoom Worm Keeps Spreading

The worm is slowing the Internet; it may use infected computers to attack SCO's Web site on Feb. 1.

MyDoom continued its voracious infection rate throughout Tuesday, clogging E-mail in-boxes and degrading overall Internet performance. Antivirus companies tracking the worm's spread say they're catching infected E-mails in every one out of nine to 10 E-mails.

Secure E-mail services provider MessageLabs says it has intercepted more than 1.76 million infected E-mails since MyDoom was first found on infected systems in the Russian Federation.

On Tuesday afternoon, Web-site performance-monitoring company Keynote Systems Inc. reported that the effects of the MyDoom worm had dragged down Internet performance. According to the company, Web-page downloads were delayed up to 3.9 seconds.

Antivirus companies warn that MyDoom spreads through peer-to-peer networks and by sending E-mails with random subject headings, including "Hello." MyDoom also carries E-mail attachments with various file names, including,, and The worm also opens a port to listen for potential future instructions.

Upon activation--usually when a recipient clicks on an E-mail attachment--the rogue program searches though address books and sends itself to E-mail addresses it finds. It chooses one as the sender, so recipients may believe the message comes from someone they know.

Unlike other mass-mailing worms, MyDoom doesn't try to trick victims with promises. Rather, messages carry innocuous-sounding subject lines, like "Error" or "Server Report" and messages in the body such as "Mail transaction failed. Partial message is available."

The latest Internet attack appears aimed at setting up computers for a Feb. 1 attack against the Web server of SCO Group Inc., which has angered the Linux community by launching a legal challenge to the open-source operating system. SCO claims Linux contains its copyrighted code.

SCO has been the target of several attacks during the last year, with the latest taking down the company's server for more than a day in December.

According to some experts, the latest worm appeared to be spreading even faster than other major virus attacks, such as last year's Sobig and Mimail.

Antivirus software maker Symantec Corp. said 9% of the infections have been reported by businesses, with consumers reporting the rest. That's higher than average for corporate infection. Symantec has ranked the virus a level 4 on a 1-to-5 scale, with 5 being the highest.

"The volume that we're seeing right now hasn't really decreased," a Symantec spokesman said during a teleconference Tuesday. "We're still seeing the same volume on an hourly basis as we'd seen fairly early on when this threat broke out. That tells us it's still spreading and people are still becoming infected with this."

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.