MyDoom Sequel Has A Twist - InformationWeek
04:06 PM

MyDoom Sequel Has A Twist

A new variant of the Internet worm is poised to launch a denial-of-service attack on Microsoft's Web site.

Antivirus and Internet security firms are warning of a new variant of the MyDoom worm, and this time the author has wired it to launch a denial-of-service attack not only against SCO Group Inc.'s Web site on Super Bowl Sunday, but against Microsoft's Web site as well.

The new variant, known as MyDoom.B, began to appear late Tuesday. Its threat level was raised by many antivirus companies from low risk to medium risk by Wednesday afternoon.

While MyDoom.B is similar to the earlier version--aside from its adding Microsoft to its denial-of-service list--it also attempts to block users from being able to access 65 Web sites run by antivirus and security companies, security firm iDefense Inc. says in an advisory.

IDefense's advisory also theorizes that the new version may be using computers infected with MyDoom.A to help itself spread.

The trend of virus writers tweaking viruses and worms to quickly produce new, more-destructive variants is gaining momentum. In the fall, the MiMail.c worm wreaked havoc on Internet users; it was largely based on the MiMail worm that appeared in August. And the Sobig worm, ranked before MyDoom as the most virulent Internet worm ever, packed a nasty one-two punch against computer systems in August and September.

The most dangerous aspect of this MyDoom outbreak, experts warn, is that many users, especially home and small-business users, may neglect to clean the Trojan horse that MyDoom inserts into infected systems. This Trojan horse could potentially be used by any hacker--not just the author or authors of MyDoom--to take control of infected systems. "The possibility exists that users will just update their antivirus signatures and not clean this off of their systems, exposing themselves and others to further attack," says John Pescatore, a research director at Gartner.

The MyDoom.B variant began striking just after antivirus firms had started to see a drop in activity surrounding MyDoom.A. According to Symantec Security Response, the submission level of MyDoom.A leveled at about 80 submissions every hour by early Wednesday, then nearly doubled to up to 140 submissions per hour by the afternoon.

Also, secure E-mail services provider MessageLabs is reporting that it has intercepted more than 3 million E-mails carrying the worm, but the infection rate had peaked Tuesday at one in every 12 E-mails the firm scans.

More advice on defending against MyDoom is available at our Security Pipeline.

Perhaps the best advice in thwarting MyDoom-style mass-mailer worms, aside from running antivirus software at the desktop and E-mail gateway, is ongoing user-awareness training.

One midsize manufacturing company said that it managed to avoid widespread infection by strictly adhering to solid E-mail security policies. But the few times infections got through proved frustrating, if not humorous. These were because of user gaffes, rather than security technology shortcomings. According to a security pro at the company, one employee called for IT support after she attempted to open an E-mail infected with MyDoom.A. She complained, "It didn't do anything after I clicked on the attachment the first or even second time."
