pokemon fan
08-04-2004, 03:00 PM
Larger, more lethal
According to Finnish security firm F-Secure, W32.Mydoom.b has a slightly larger payload than the original MyDoom virus, which was discovered late Monday.
The newer virus goes a step further than the original, and is set to unleash a distributed-denial-of-service (DDoS) attack not only against SCO, but also against Microsoft. SCO is the Utah software company involved in a legal dispute over Linux ownership, and the target of open-source software advocates' ire.
What's worse, the new version of MyDoom also prevents infected machines from accessing antivirus websites.
Spreading through email and the KaZaA file-sharing network, MyDoom has hit several hundred thousand computers since late Monday. Some security experts put the number of infected machines at well over 600,000 and are calling MyDoom the fastest-spreading virus to date. The title was previously held by SoBig, which went global in August 2003.
Defend yourself
Also known as Novarg, MyDoom affects PCs running Windows 95 and later. Visit Central Command for information on how to spot the virus.
Also, you'll find a free, Web-based scan for MyDoom and other viruses at Trend Micro's website. Symantec and F-Secure also offer free removal tools for the original MyDoom worm.
New strain even nastier
Antivirus firm Kaspersky Lab says the Mydoom.b strain may be spreading through machines infected with the original MyDoom virus. From an estimated base of as many as 600,000 machines previously infected with the Mydoom.a worm, experts fear the newer variant could wreak even more havoc.
Like Mydoom.a, the new iteration spreads via email or the KaZaA file-sharing network. Users must click on the attachment to become infected. Kaspersky Lab indicates that much of the internal code of the new version is similar to the original, but it does embody some subtle changes.
The company says the virus modifies a user's system to prevent it from accessing antivirus update services. The new version of the worm also includes a strange string of code that reads: "sync-1.01; andy; I'm just doing my job, nothing personal, sorry."
The new target: Microsoft
Starting Feb. 1, both versions of the worm will launch a DDoS attack aimed at SCO.com and Microsoft.com. During DDoS attacks, the thousands of infected computers make continuous data requests from the company's websites, flooding them with data and effectively shutting them down. SCO has been hit with DDoS attacks in the past, but they've never come based on a virus.
Microsoft is no stranger to virally based DDoS attacks, either. The Blaster worm used infected machines to take Microsoft's Windows Update site offline. In that instance, Microsoft redirected traffic to other URLs that allowed users to run Windows Update.
SCO CEO Darl McBride spoke to reporters on Tuesday and said the company is offering a $250,000 reward for information leading to the arrest of MyDoom's creator. The company is also now working with the FBI and Secret Service to find the culprit.
"Now the whole world's getting dragged into it," McBride said. "We're going to step up and take a leadership position and take a strong role in helping track down and [find] the people responsible for this."
Feds' new cybercrime unit
Coincidentally, the Department of Homeland Security Wednesday launched a new service designed to centralize the alert process for new viruses such as MyDoom.
Users can sign up for the National Cyber Alert System to receive free security alerts and advice on staying virus-free. The goal of the new service is to create a central repository of viral data collection, and have that government agency disseminate a clear message about virus protection.
source: g4techtv