MyDoom.f Spreads, Deletes Files - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

MyDoom.f Spreads, Deletes Files

Unlike other variants of the worm, this one randomly eliminates files, including doucments created by Word and Excel.

MyDoom.f, discovered last Friday, continues to spread, security experts said Wednesday--but unlike other variants of the persistent worm, it can wreak havoc on the infected machine by randomly deleting files, including documents created with Microsoft Word and Excel.

"This worm is being sighted in larger numbers, suggesting that not all computers are properly protected," said Graham Cluley, senior technology consultant at Sophos.

MyDoom.f, whose payload arrives in an attached file in an E-mail message with a large number of possible subject lines--including "Read this," "Your order is being processed," and "Bug"--installs malicious code that, among other tasks, conducts denial-of-service attacks against Microsoft.com and RIAA.com.

The RIAA site is the Internet home of the Recording Industry Association of America, the group responsible for bringing lawsuits against illegal music file sharers. Early Tuesday, AlertSite, a Web-monitoring firm, reported that RIAA.com showed a significant drop in performance due to the attack; between 9 a.m. and noon Tuesday, the site was available only about 74% of the time.

"It appears that the site was affected yesterday by the traffic generated by this latest revision of MyDoom," said Ken Godskind, VP at AlertSite. By Wednesday morning, RIAA.com had recovered and was available approximately 92% of the time, Godskind said.

Microsoft's Web site, which has been the target of numerous denial-of-service attacks over the past several weeks thanks to MyDoom variations, wasn't affected by this latest worm's assault.

MyDoom.f, which has been rated as a medium-level threat by most anti-virus firms, takes the MyDoom motif—denial-of-service attacks, the creation of a backdoor on the infected machine for possible use as a spam proxy--and ups the ante by randomly deleting a number of file types on the compromised system.

MyDoom.f targets a variety of image files, as well as Microsoft Word documents and Excel worksheets, said security professionals. The full list of the file types targeted is: mdb, .doc, .xls, .sav, .jpg, .avi, and .bmp.

"It deletes files with various levels of success," said Ken Dunham, the director of malicious code research at iDefense, "but it seems it manages to delete Word files about 40% of the time."

This is the first MyDoom variant that's had a direct, destructive impact on local machines infected with the worm.

Most experts believe the author of MyDoom.f is a different individual than the creator of the original worm, thanks to clues in the code, and its destructive spin. "The source code for MyDoom was planted by Doomjuice," said Dunham, "and here you go. It's not surprising that variants continue to show up."

Although anti-virus firms have updated their definition files to take MyDoom.f into account--deflecting it and destroying it when found--users not guarded by anti-virus software who think their machines may be infected can download automated removal tools from such sources as Symantec and F-Secure.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll