By Brian Krebs washingtonpost.com Staff Writer
Monday, January 26, 2004; 9:16 PM
A rapidly spreading e-mail worm on Monday afternoon shut down e-mail systems at several large corporations and is causing problems for computer users connected to the Internet, security experts said.
Known as "Mydoom," it is the fastest-spreading e-mail worm ever, according to Network Associates, the Santa Clara, Calif.-based maker of McAfee Antivirus software. The company classified it as a "high alert," its most severe status level.
Mydoom is wreaking havoc with businesses and home computer users, said Steven Sundermeier, product manager for Central Command, an anti-virus company in Medina, Ohio. Sundermeier said the worm is spreading fastest in the United States and Europe.
The virus spreads in an e-mail message that looks like it was garbled during its journey to the recipient's in-box. The body text urges recipients to click on the attached file if the contents of the message are damaged or unreadable. The virus launches when the attachment is opened.
Once a user's computer is infected, it is programmed to send large amounts of data to the Web site of the SCO Group, a Lindon, Utah-based company that, in effect, claims ownership over portions of the widely used Linux open-source operating system. SCO is pursuing legal action against IBM Corp. and other companies, asserting that Linux includes portions of the Unix operating system to which it claims copyright ownership. The open-source community disputes SCO's claims on Linux.
The more immediate problem for computers infected with the worm is that they will automatically allow the virus's authors to connect remotely and upload files, such as malicious software that forwards spam e-mail. The worm also mass-mails copies of itself, which is expected to clog many corporate e-mail servers or slow down Internet traffic, according to Cupertino, Calif.-based anti-virus software developer Symantec Corp.
Jimmy Kuo, a McAfee research fellow, said the worm has infected systems in several of its largest clients, including banking and telecommunications companies. Kuo declined to name the companies. There is no data available yet on whether Internet traffic is moving more slowly than usual.
FBI officials did not return telephone calls seeking comment on whether law enforcement is investigating the origins of the virus.
The Mydoom virus surfaced one year after the emergence of the "Slammer" worm, which currently holds the title of fastest-spreading network worm. Network worms, unlike e-mail worms, spread through known security holes in operating systems and computer software and do not require users to do anything to be infected or spread the infection.
Computer security experts said Mydoom is spreading rapidly because it uses several layers of "social engineering" -- subtle means of psychological persuasion -- to get people to open the attachment.