
MyDoom Worm Sweeps Across Internet



#1

  • Guests

Posted 28 January 2004 - 02:36 AM

oh, gash... another worm... has anybody noticed it already?

MyDoom, by many accounts, is swiftly becoming the fastest spreading virus ever, even surpassing Sobig-F, which carpet bombed the Internet late last summer.

The mass-mailing worm, also known by some security companies as Novarg, hit the wild on Monday and has been racing around the globe infecting computers with backdoor trojans and proxies. MessageLabs, an email security services company based in New York, reports that MyDoom accounts for one in 17 emails today.

As of 11 a.m. today, company analysts say they have stopped 1.2 million copies of the worm. By comparison, the company stopped 1 million copies of Sobig-F in the first 24 hours.

The worm has caused more than $850 million worth of economic damages worldwide in just the first 24 hours, according to mi2g, a security analyst company based in London.

And anti-virus experts say the problem will most likely get worse before it gets better.

''This one is very dangerous,'' says Chris Belthoff, a senior analyst at Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass. ''It's spreading pretty pervasively and we expect to see it increasing over the course of the day. A lot of people may already have copies sitting in their in-boxes and as time zones wake up and get to work, it may pick up.''

MyDoom spreads via email and by copying itself to any available shared directories used by Kazaa. It harvests addresses from infected machines, and generally uses the words 'test', 'hi' and 'hello' in the subject line.

Analysts say MyDoom is spreading so quickly because it is successfully fooling users into opening first the email and then the attachment. The email often disguises itself as an email that the user sent that has bounced back. The user, wanting to know why the email failed, opens it up and then sees a text file icon, instead of the icon for an executable.

''From a propagation perspective, it has been effective, much more than we would have suspected,'' says Brian Dunphy, a senior manager at Symantec Managed Security Services, which is based in Alexandria, Va. ''It took a unique twist on social engineering. We've told them not to open executables but this one masquerades as a harmless text file. It's exploiting the end user and their desire to want to open up attachments.''

MyDoom also sets up a backdoor trojan in infected computers, allowing the virus writer or anyone else capable of sending commands to an infected machine to upload code or send spam. The worm also is geared to launch a denial-of-service attack against SCO.com starting Feb. 1. SCO, a Linux company, is embroiled in legal disputes over Linux and open source issues.

Some analysts say the worm is the latest round in the 'Linux wars'.

The worm has a kill date of Feb. 12.

Ken Dunham, director of malicious code at iDefense, Inc., a security and anti-virus company, says the specific kill date leads him to expect the onslaught of MyDoom variants.

''This may be the first of many attacks and we, perhaps, may see this worm refined in future attacks,'' says Dunham. ''Like we did with Sobig in 2003, we might see copy cat attacks featuring MyDoom in 2004.''

#2 Ruben@Run2


    Elite Designer

  • Designer
  • 182 posts

Posted 28 January 2004 - 08:52 AM

And it seems the number is increasing. Anyway, I want to share these online antivirus scanners (free ones), with some product-related updates (I use both) for this worm.

McAfee

Online Virus Scan ( To the right see McAfee Free Scan)
http://us.mcafee.com/default.asp

Worm Update
http://us.mcafee.com...mydoom&cid=9543


Trend Micro

Online Virus Scan
http://housecall.tre.../start_corp.asp

Update
http://www.trendmicr...e=WORM_MIMAIL.R

#3

  • Guests

Posted 29 January 2004 - 08:55 PM

thanks. hope this will help our users.

#4 phpdeveloper


    Apprentice Designer

  • Designer
  • 124 posts

Posted 29 January 2004 - 09:15 PM

I have just implemented one tweak on the server to filter out some of those contagious emails. Hopefully there are no other generations of this worm.
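An added example, not part of the thread and not phpdeveloper's actual server tweak: a gateway-side check for the traits the article in post #1 describes (short bait subjects, an executable attachment presented as a harmless file). The extension list, the quarantine/tag/deliver verdicts, the helper names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: Windows extensions that execute on open; the thread lists none.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
# Subject words the article in post #1 says the worm generally uses.
BAIT_SUBJECTS = {"test", "hi", "hello"}

def inspect_message(raw: bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots/spaces, so strip them before splitting.
        stem, dot, ext = name.lower().rstrip(". ").rpartition(".")
        if dot and ext in EXECUTABLE_EXTS:
            reasons.append(f"executable attachment: {name}")
            if "." in stem:  # e.g. "document.txt.scr" reads as a text file
                reasons.append(f"double extension hides type: {name}")
    subject = str(msg["Subject"] or "").strip().lower()
    bait = subject in BAIT_SUBJECTS
    if bait:
        reasons.append(f"bait subject: {subject}")
    # A bait subject alone is weak evidence ("hi" is common), so it only tags.
    if any(r.startswith("executable") for r in reasons):
        return "quarantine", reasons
    return ("tag" if bait else "deliver"), reasons

def build_sample(subject, filename=None):
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("The message could not be delivered.")
    if filename:
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("hi", "document.txt.scr"), ("Hello", None),
                        ("Quarterly report", "notes.txt")]:
        print(subj, fname, inspect_message(build_sample(subj, fname)))
```
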

#5 simplistik


    Apprentice Designer

  • Designer
  • 216 posts

Posted 30 January 2004 - 06:34 PM

Yea, I find it crazy that ppl d/l attachments from ppl that they aren't familiar with. I don't see what logic goes through ppl's heads when they see that crap.

www.beyondthepixel.com - a multimedia affair
··························································
Simplicity is the ultimate sophistication.
-Leonardo da Vinci



