MyDoom.f Spreads, Deletes Files - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


MyDoom.f Spreads, Deletes Files

Unlike other variants of the worm, this one randomly eliminates files, including doucments created by Word and Excel.

MyDoom.f, discovered last Friday, continues to spread, security experts said Wednesday--but unlike other variants of the persistent worm, it can wreak havoc on the infected machine by randomly deleting files, including documents created with Microsoft Word and Excel.

"This worm is being sighted in larger numbers, suggesting that not all computers are properly protected," said Graham Cluley, senior technology consultant at Sophos.

MyDoom.f, whose payload arrives in an attached file in an E-mail message with a large number of possible subject lines--including "Read this," "Your order is being processed," and "Bug"--installs malicious code that, among other tasks, conducts denial-of-service attacks against and

The RIAA site is the Internet home of the Recording Industry Association of America, the group responsible for bringing lawsuits against illegal music file sharers. Early Tuesday, AlertSite, a Web-monitoring firm, reported that showed a significant drop in performance due to the attack; between 9 a.m. and noon Tuesday, the site was available only about 74% of the time.

"It appears that the site was affected yesterday by the traffic generated by this latest revision of MyDoom," said Ken Godskind, VP at AlertSite. By Wednesday morning, had recovered and was available approximately 92% of the time, Godskind said.

Microsoft's Web site, which has been the target of numerous denial-of-service attacks over the past several weeks thanks to MyDoom variations, wasn't affected by this latest worm's assault.

MyDoom.f, which has been rated as a medium-level threat by most anti-virus firms, takes the MyDoom motif—denial-of-service attacks, the creation of a backdoor on the infected machine for possible use as a spam proxy--and ups the ante by randomly deleting a number of file types on the compromised system.

MyDoom.f targets a variety of image files, as well as Microsoft Word documents and Excel worksheets, said security professionals. The full list of the file types targeted is: mdb, .doc, .xls, .sav, .jpg, .avi, and .bmp.

"It deletes files with various levels of success," said Ken Dunham, the director of malicious code research at iDefense, "but it seems it manages to delete Word files about 40% of the time."

This is the first MyDoom variant that's had a direct, destructive impact on local machines infected with the worm.

Most experts believe the author of MyDoom.f is a different individual than the creator of the original worm, thanks to clues in the code, and its destructive spin. "The source code for MyDoom was planted by Doomjuice," said Dunham, "and here you go. It's not surprising that variants continue to show up."

Although anti-virus firms have updated their definition files to take MyDoom.f into account--deflecting it and destroying it when found--users not guarded by anti-virus software who think their machines may be infected can download automated removal tools from such sources as Symantec and F-Secure.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Is Cloud Migration a Path to Carbon Footprint Reduction?
Joao-Pierre S. Ruth, Senior Writer,  10/5/2020
IT Spending, Priorities, Projects: What's Ahead in 2021
Jessica Davis, Senior Editor, Enterprise Apps,  10/2/2020
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll