By Robert Lemos
Posted on ZDNet News: Feb 3, 2004 2:00:00 AM

The two versions of the MyDoom virus may have the same parent, according to a security researcher.

The name "andy" left in the code by the author of the MyDoom virus links the original program released a week ago with the B variant sent out two days later, Jimmy Kuo, McAfee fellow for security company Network Associates, said on Monday.



Other hints, including numbers that appear to designate the version of the program, indicate that the fast-spreading virus was created by a professional programmer.

"It looks like what someone would write when they check in source code," said Kuo, who has been researching the virus. "The interpretation is that 'andy' is the person checking the code in."

In addition, the author left a message in the second version of the virus for those with PCs infected with the program: "I'm just doing my job, nothing personal, sorry."

The MyDoom virus, also referred to as a worm, started spreading last Monday and has swamped corporate systems worldwide with a large number of e-mail messages that appear to be errors returned from a mail server.

The virus-laden e-mails have an attachment that, when opened, installs a program on the victim's computer, in order to open up a software "back door." The attacker can then bypass the PC's security and turn the affected system into a "bounce point" for any network-based attack.

The first MyDoom is programmed so that infected computers will send data to the main Web server of the SCO Group between Feb. 1 and Feb. 12. The second version of MyDoom is set to strike Microsoft's main Web site between Feb. 3 and March 1, in addition to hitting SCO. (The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.)

While some researchers believe the MyDoom code may have originated in Russia, it's almost impossible to pin down Patient Zero--the first infected computer--or the person who actually released the virus, Kuo said.

Further analysis indicates that there may be some good news for Microsoft, Kuo said. A programming error in the virus may mean that, starting Tuesday, only 7 percent of PCs infected with the B variant will actually attack Microsoft at the same time.

"We think that...7 percent won't be that large a number," Kuo said.


