By News.com
Posted on ZDNet News: Jan 26, 2004 5:58:00 PM

A mass-mailing virus that quickly spread through the Internet on Monday planted a file that will instruct infected computers to attack the SCO Group's Web server with a flood of data on Feb. 1.

The virus--known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies--arrives in an in-box with one of several different random subject lines, such as "Mail Delivery System," "Test" or "Mail Transaction Failed." The body of the e-mail contains an executable file and a statement such as: "The message contains Unicode characters and has been sent as a binary attachment."


"It's huge," said Vincent Gullotto, vice president of security software maker Network Associates' antivirus emergency response team. "We have it as a high-risk outbreak."

In one hour, Network Associates itself received 19,500 e-mails bearing the virus from 3,400 unique Internet addresses, Gullotto said. One large telecommunications company has already shut down its e-mail gateway to stop the virus.

Once the virus infects a Windows-running PC, it installs a program that allows the computer to be controlled remotely. The program primes the PC to send data to the SCO Group's Web server, starting Feb. 1, a virus researcher said on the condition of anonymity.

The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

The company's Web site was slow to load on Monday afternoon, a SCO spokesperson acknowledged, but the site was still accessible from the World Wide Web.

SCO's Web site was taken offline by denial-of-service attacks a handful of times in the last year, none of which had been initiated by a virus. In the past, the company has blamed Linux sympathizers for at least one of the attacks.

Antivirus companies were scrambling on Monday afternoon to learn more about the virus, which started spreading at about noon PST. The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.

"A lot of the information is encrypted, so we have to decrypt it," said Sharon Ruckman, a senior director of antivirus software maker Symantec's security response center. Symantec has had about 40 reports of the virus in the first hour, a high rate of submission, Ruckman said.



The virus installs a Windows program that opens up a "back door" in the system, allowing an attacker to upload additional programs onto the compromised device. The back door also enables an intruder to route his connection through the infected computer to hide the source of an attack.

The virus also copies itself to the Kazaa download directory on PCs where the file-sharing program is installed. The virus camouflages itself, using one of seven file names, including Winamp5, RootkitXP, Officecrack and Nuke2004. Variations in the body text include: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."

Early data indicated an epidemic several times the size of the Sobig.F virus, which caused widespread infections last summer, said Scott Petry, a vice president of engineering at e-mail service provider Postini.


"At its current run rate, we will trap almost 8 million in a day," Petry said. The company quarantined only 1,400 copies of Sobig.F in its first day and 3.5 million copies of the virus during that epidemic's peak 24-hour period.

Mail systems that remove executable files from e-mails can stop the program from spreading.

Robert Lemos is a senior staff writer at CNET News.com.
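The mitigation the article names, removing executable files from e-mail at the mail system, can be sketched as follows. This is an added example, not code from the article or from any vendor it quotes; the extension blocklist, the `MZ` content check, the attachment names and the example.com addresses are assumptions, and the sample message is constructed and inert.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist; the article only says "executable file".
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def is_executable(part):
    """Flag an attachment by its final extension or by DOS/PE magic bytes."""
    name = (part.get_filename() or "").lower().strip()
    data = part.get_payload(decode=True) or b""
    # The "MZ" check catches a program renamed to a harmless-looking extension.
    return name.endswith(BLOCKED_EXT) or data[:2] == b"MZ"

def _clean(msg, removed):
    """Recursively drop executable leaf parts from a multipart message."""
    if not msg.is_multipart():
        return
    kept = []
    for part in msg.get_payload():
        if part.is_multipart():
            _clean(part, removed)
        elif is_executable(part):
            removed.append(part.get_filename() or "(unnamed)")
            continue
        kept.append(part)
    msg.set_payload(kept)

def strip_executables(raw):
    """Return (cleaned message bytes, names of removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _clean(msg, removed)
    return msg.as_bytes(), removed

def build_sample():
    """Constructed, inert sample using a subject and body quoted in the article."""
    m = EmailMessage()
    m["Subject"] = "Mail Transaction Failed"
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content("The message contains Unicode characters and has been "
                  "sent as a binary attachment.")
    m.add_attachment(b"MZ" + b"\x00" * 32, maintype="application",
                     subtype="octet-stream", filename="message.dat")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(b"inert bytes", maintype="application",
                     subtype="octet-stream", filename="body.scr")
    return m.as_bytes()

if __name__ == "__main__":
    print(strip_executables(build_sample())[1])
```

The sketch covers multipart messages only; a gateway would also need a rule for a message whose single body part is itself the executable.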
