A new variant of the Internet worm is poised to launch a denial-of-service attack on Microsoft's Web site.
Antivirus and Internet security firms are warning of a new variant to the MyDoom worm, and this time the author has it wired to not only launch a denial-of-service attack against SCO Group Inc.'s Web site on Super Bowl Sunday, but against Microsoft.com as well.
The new variant, known as MyDoom.B, began to appear late Tuesday. Its threat level was raised by many antivirus companies from low risk to medium risk by Wednesday afternoon.
While MyDoom.B is similar to the earlier version--aside from its adding Microsoft to its denial-of-service list--it also attempts to block users from being able to access 65 Web sites run by antivirus and security companies, security firm iDefense Inc. says in an advisory.
IDefense's advisory also theorizes that the new version may be using computers infected with MyDoom.A to help itself spread.
The trend of virus writers tweaking viruses and worms to quickly produce new, more-destructive variants is gaining momentum. In the fall, the MiMail.c worm wreaked havoc on Internet users; it was largely based on the MiMail worm that appeared in August. And the Sobig worm, ranked before MyDoom as the most virulent Internet worm ever, packed a nasty one-two punch against computer systems in August and September.
The most dangerous aspect of this MyDoom outbreak, experts warn, is that many users, especially home and small-business users, may neglect to clean the Trojan horse that MyDoom inserts into infected systems. This Trojan horse could potentially be used by any hacker--not just the author or authors of MyDoom--to take control of infected systems. "The possibility exists that users will just update their antivirus signatures and not clean this off of this systems, exposing themselves and others to further attack," says John Pescatore, a research director at Gartner.
The MyDoom.B variant began striking just after antivirus firms had started to see a drop in activity surrounding MyDoom.A. According to Symantec Security Response, the submission level of MyDoom.A leveled at about 80 submissions every hour by early Wednesday, then nearly doubled to up to 140 submissions per hour by the afternoon.
Also, secure E-mail services provider MessageLabs is reporting that it has intercepted more than 3 million E-mails carrying the worm, but the infection rate had peaked Tuesday at one in every 12 E-mails the firm scans.
Perhaps the best advice in thwarting MyDoom-style mass-mailer worms, aside from running antivirus software at the desktop and E-mail gateway, is ongoing user-awareness training.
One midsize manufacturing company said that it managed to avoid widespread infection by strictly adhering to solid E-mail security policies. But the few times infections got through proved frustrating, if not humorous. These were because of user gaffes, rather than security technology shortcomings. According to a security pro at the company, one employee called for IT support after she attempted to open an E-mail infected with MyDoom.A. She complained, "It didn't do anything after I clicked on the attachment the first or even second time."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.