Posted on 29-10-2004
MyDoom variant emerges, targets Microsoft
A variant of the MyDoom worm has emerged as the most devastating
virus since last summer, and is likely to target Microsoft Corp.'s
website, security experts said today.
Since appearing earlier this week, the worm, also dubbed Novarg
or Shimgapi, has infected computers across the globe by enticing
users to open a file attachment that releases a program that
potentially allows other attackers to gain unauthorised access.
The financial damage from the virus-like program -- from network
slowdown to lost productivity -- is already being measured in
the billions of dollars, according to anti-virus vendors.
The latest version of the worm is designed to flood Microsoft's
website with requests for information in an attempt to bring
it down, experts said on Tuesday. This strategy is similar to
that of the first version, which targeted the website of the
SCO Group Inc., the small software maker suing International
Business Machines Corp. over the use of code for the Linux operating
system, they noted.
"It's interesting in that it potentially has a denial
of service attack on Microsoft," said Jimmy Kuo, a researcher
at Network Associates Inc.'s McAfee anti-virus unit.
Kuo said that it was difficult to tell whether the variant,
called "MyDoom.b," was spreading across the internet,
or "in the wild." So far, anti-virus companies have
received and analysed the variant from only a few sources.
The MyDoom variant appeared to share other aspects with the
first version, in that it exempts e-mail addresses for government
agencies, some universities, and other computer security companies,
including Symantec Corp.
Computers running any of the latest versions of Microsoft's
Windows operating system e-mail program are at risk of being
infected, although the worm doesn't exploit any flaws in Windows
or software.
Instead, MyDoom is designed to entice the recipient of an e-mail
to open an attachment with an .exe, .scr, .zip or .pif extension.
Since the worm often appears as an error message from "Mail
Administrators" and other official-looking addresses, many
recipients inevitably open the attachment after finding minimal
information in the message. Users who receive the worm and simply
ignore or delete it will be able to avoid any damage.
In response to the worm's targeting its website, SCO offered
a $250,000 reward for "information leading to the arrest
and conviction of those responsible for this crime." SCO
has drawn the ire of many Linux advocates for its claims that
Linux software includes copyrighted code from the Unix operating
system.
The attacks from infected computers on SCO and Microsoft are
scheduled to begin on Feb. 1 and continue to Feb. 12.