By Brian Krebs washingtonpost.com Staff Writer
Tuesday, January 27, 2004; 5:11 PM
A virulent computer worm continued its spread across the Internet today, moving with unprecedented speed and accounting for as much as 10 percent of all e-mail, security experts said.
Reported infections caused by the "Mydoom" e-mail worm rose as employees returned to work Tuesday morning and opened attachments that contained the virus. Security researchers attributed the high infection rate to the deceptive nature of the messages, which appear to be error messages generated by the employee's corporate network.
Central Command, a Medina, Ohio, anti-virus software maker, estimated that one out of every nine e-mails sent today is infected. MessageLabs, a corporate e-mail security company based in New York City, said it is intercepting between 50,000 and 60,000 messages carrying copies of the worm per hour.
"This worm has the biggest toehold in corporate America that I've seen in years," said David Perry, global director of education for Trend Micro, a Cupertino, Calif.-based anti-virus software developer.
Amit Yoran, director of the recently formed cybersecurity division of the Department of Homeland Security, said that his department "has a couple of activities under way for quashing this kind of stuff," but that it is too early to provide details.
Despite the continual onslaught of viruses, worms and related attacks, he said the preparedness to manage such events is improving.
"This worm is far more efficient and far smarter than we've seen in the past," said Yoran, who worked at anti-virus software company Symantec Corp. before moving to the Homeland Security Department. "But the outage levels are lower," suggesting that businesses, government agencies and individuals are responding faster to attacks and limiting the damage more effectively than in previous cases.
Yoran said that to date new worms and viruses have tended to be variants of their predecessors, rather than whole new strains.
"A vast majority ... are more nuisance in nature than they are national- or homeland-security ilk," he said.
The virus spreads in an e-mail message that looks like it was corrupted in transmission. The message text urges the recipient to click on an attached file if the contents are damaged or unreadable. A computer becomes infected with Mydoom only after the attachment is opened.