
By Robert Lemos
Posted on ZDNet News: Jan 28, 2004 8:12:00 PM

A new version of the mass-mailing MyDoom virus has hit the Net, aiming data attacks at Microsoft's Web site and interfering with an infected PC's ability to access downloadable security-software updates, antivirus companies said Wednesday.

"We are trying to understand (what the virus' authors are doing), but they are basically trying to stop people from going to security sites," said Sharon Ruckman, senior director for security response at security software maker Symantec.




MyDoom.B, the second version of the virus, is already spreading around the Internet, Ruckman said. It includes some changes to the e-mail that carries the virus, including new subject lines and a message that mimics an error from Sendmail software, a common e-mail gateway server.

The MyDoom virus, also referred to as a worm, started spreading Monday and has swamped companies with a large number of e-mail messages that appear to be errors returned from a mail server.

The virus-laden e-mails have an attachment that, when opened, installs a program on the victim's computer that opens up a software "back door." Attackers can then bypass the PC's security and turn the infected system into a "bounce point" for any network-based attack.

Both versions of the virus are also programmed so that infected PCs will send data to the main Web server of the SCO Group between Feb. 1 and Feb. 12. The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

On Tuesday, SCO offered a $250,000 bounty for information leading to the conviction of the person responsible for the MyDoom epidemic. Microsoft, which has offered similar bounties for information leading to the conviction of those responsible for the MSBlast worm and the Sobig.F virus, hasn't yet stated whether it will offer a reward related to MyDoom.

"This is all breaking fairly quickly, so we are focused on getting a grip on the technical issues," said Christopher Budd, security program manager for Microsoft's product support services. "As far as the applicability of our virus rewards program, we will look at that when we get this contained and understood."

The new version of the virus prevents PC users from going to security sites and could block some antivirus software from getting the latest updates. The new virus adds a file to the infected computer that tells it where to look for certain Internet addresses. Among the addresses are F-Secure's update site, Symantec's update site and Microsoft's downloads site.

Symantec confirmed that its users may have to delete the file before they can update their antivirus software, while Microsoft was still investigating the effect on Windows users.

"It will impede access to some Web sites, but we are investigating the issue," said Microsoft's Budd.

F-Secure has other ways of getting its software updated and so should not be affected by the issue, said Tony Magallanez, systems engineer with the Finnish antivirus company.

"In our software we have ways of circumventing that problem," Magallanez said. "We have multiple ways of updating the program and our software will fail-over to the alternate methods."

Symantec, F-Secure and other antivirus companies are currently analyzing the new mass-mailing virus.
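
A defender-side check for the address-mapping file described above, as an added example that is not part of the original article. It assumes the file uses the standard hosts-file format (the article does not name the file), and the watched domains and sample entries are constructed placeholders, not the real vendor addresses.

```python
import ipaddress

# Constructed placeholder domains standing in for the vendor update sites
# the article mentions; replace with the hosts your own tooling relies on.
WATCHED = {"update.av-vendor.example", "downloads.os-vendor.example"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-format text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed entry, not a usable mapping
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")


def suspicious_entries(text, watched=WATCHED):
    """Flag any local override of a watched domain or one of its subdomains.

    These names should normally resolve through DNS, so any static entry is
    worth a look; loopback or 0.0.0.0 targets mean access is being blocked.
    """
    findings = []
    for no, ip, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        blocked = ip.is_loopback or ip.is_unspecified
        findings.append((no, name, str(ip), "blocked" if blocked else "redirected"))
    return findings


# Constructed sample input, not taken from an infected machine.
SAMPLE = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     update.av-vendor.example
127.0.0.1   liveupdate.update.av-vendor.example  # trailing comment
203.0.113.7 downloads.os-vendor.example
10.0.0.5    intranet.corp.example
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE):
        print(finding)
```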
