Speedy Worm Invades E-Mail In-Boxes

Most common e-mail worms and viruses spread when the recipient opens the attached file, starting a program that infects the recipient's computer. The Mydoom worm, however, harbors its payload in a "zip" format, a compressed file that many corporate firewalls and anti-virus programs are designed to let through untouched.

The attached file -- which arrives as an innocuously named file such as "document.zip," "message.zip," or "readme.zip" -- contains a program that, when opened, immediately plants a "backdoor" program that lets the virus writer upload files to the infected machine.

Experts still have not cracked all of Mydoom's encryption code, which may hold clues about what else the worm is supposed to do.

Tony Magallanez, a systems engineer with San Jose, Calif., anti-virus software maker F-Secure Corp., said worm writers often use encryption to buy their creations as much time to spread as possible before experts can figure out what they are doing.

"The basic idea here is trying to make it difficult for the anti-virus researchers to stop whatever the worm is designed to do," Magallanez said.

Mydoom is already being compared to "Sobig.F," a worm that infected hundreds of thousands of computers worldwide, and later installed software that turned them into remotely controlled spamming machines.

Sobig spread at a rapid pace, giving the worm's author unrestricted access to computers infected with the worm. The computers were programmed to visit one of 20 Internet sites to download malicious software. An international team of law enforcement officials and virus hunters found and shut down those host Web sites hours before the infected army of hundreds of thousands of PCs was scheduled to follow their instructions.

Like Sobig, Blaster and most other viruses, Mydoom targets computers running the Windows operating system.

© 2004 Washingtonpost.Newsweek Interactive
