Mydoom virus?


pokemon fan
08-04-2004, 03:00 PM
Larger, more lethal

According to Finnish security firm F-Secure, W32.Mydoom.b has a slightly larger payload than the original MyDoom virus, which was discovered late Monday.

The newer virus goes a step further than the original, and is set to unleash a distributed-denial-of-service (DDoS) attack not only against SCO, but also against Microsoft. SCO is the Utah software company involved in a legal dispute over Linux ownership, and the target of open-source software advocates' ire.

What's worse, the new version of MyDoom also prevents infected machines from accessing antivirus websites.

Spreading through email and the KaZaA file-sharing network, MyDoom has hit several hundred thousand computers since late Monday. Some security experts put the number of infected machines at well over 600,000 and are calling MyDoom the fastest-spreading virus to date. The title was previously held by SoBig, which went global in August 2003.

Defend yourself

Also known as Novarg, MyDoom affects PCs running Windows 95 and later. Visit Central Command for information on how to spot the virus.

Also, you'll find a free, Web-based scan for MyDoom and other viruses at Trend Micro's website. Symantec and F-Secure also offer free removal tools for the original MyDoom worm.

New strain even nastier

Antivirus firm Kaspersky Lab says the Mydoom.b strain may be spreading through machines infected with the original MyDoom virus. From an estimated base of as many as 600,000 machines previously infected with the Mydoom.a worm, experts fear the newer variant could wreak even more havoc.

Like Mydoom.a, the new iteration spreads via email or the KaZaA file-sharing network. Users must click on the attachment to become infected. Kaspersky Lab indicates that much of the internal code of the new version is similar to the original, but it does embody some subtle changes.

The company says the virus modifies a user's system to prevent it from accessing antivirus update services. The new version of the worm also includes a strange string of code that reads: "sync-1.01; andy; I'm just doing my job, nothing personal, sorry."

The new target: Microsoft

Starting Feb. 1, both versions of the worm will launch a DDoS attack aimed at SCO.com and Microsoft.com. During DDoS attacks, the thousands of infected computers make continuous data requests from the company's websites, flooding them with data and effectively shutting them down. SCO has been hit with DDoS attacks in the past, but they've never come based on a virus.

Microsoft is no stranger to virally based DDoS attacks, either. The Blaster worm used infected machines to take Microsoft's Windows Update site offline. In that instance Microsoft redirected traffic to other URLs that allowed users to run Windows Update.

SCO CEO Darl McBride spoke to reporters on Tuesday and said the company is offering a $250,000 reward for information leading to the arrest of MyDoom's creator. The company is also now working with the FBI and Secret Service to find the culprit.

"Now the whole world's getting dragged into it," McBride said. "We're going to step up and take a leadership position and take a strong role in helping track down and [find] the people responsible for this."

Feds' new cybercrime unit

Coincidentally, the Department of Homeland Security Wednesday launched a new service designed to centralize the alert process for new viruses such as MyDoom.

Users can sign up for the National Cyber Alert System to receive free security alerts and advice on staying virus-free. The goal of the new service is to create a central repository of viral data collection, and have that government agency disseminate a clear message about virus protection.

source: g4techtv

TSH
08-08-2004, 02:12 AM
Which is why it's now important, kiddies, to update your Windows and bulk up on virus scanners and updates, because you'll need 'em! Just be careful what you download. ;)

Yggdrasill
10-22-2004, 12:29 PM
I'd better watch out, I hardly download anything anyway, maybe it's spyware that's causing the virus.

Agent Orange
10-22-2004, 07:16 PM
Please, don't bring up old threads. It clutters up the forum, keep posts in active, less than one week old threads.

Yggdrasill
10-22-2004, 07:20 PM
Oh OK, I didn't know, thanks.

Agent Orange
10-22-2004, 07:22 PM
No problem, you didn't know. But if it happens again, we'll have to feed you to Alex, and you don't want that. :tongue: