Experts said the worm appears to carry instructions allowing its authors to gain access to infected computers.
Perry said the worm appears to be designed to target corporate networks, harvesting potential victims from the vast stores of internal and external e-mail that reside on corporate networks.
"Mydoom managed a deep infestation of businesses Monday, and now we're starting to see an immense surge of infections on the home user front," Perry said.
Mydoom sends itself out to all of the e-mail addresses it finds on the infected computer, faking the "From:" address. It also adds random data to the addresses, generating additional traffic to overwhelm e-mail servers.
Computers infected with Mydoom also are programmed to send large amounts of data to the Web site of The SCO Group, a Lindon, Utah-based company that claims ownership over portions of the widely used Linux open-source operating system. SCO is pursuing legal action against IBM Corp. and other companies, asserting that Linux includes portions of the Unix operating system to which it claims copyright ownership. The open-source community disputes SCO's claims on Linux.
The Mydoom worm is slated to begin a 12-day denial-of-service attack on SCO's Web site starting this Sunday. SCO officials did not return calls for comment. The company's Web site was down through much of Tuesday morning.
Computer security experts said Mydoom is spreading rapidly because it uses several layers of "social engineering" -- subtle means of psychological persuasion -- to get people to open the attachment.
The attachment -- which arrives as an innocuously named file such as "document.zip," "message.zip," or "readme.zip" -- contains a program that, when opened, immediately plants a "backdoor" program that lets the virus writer upload files to the infected machine.
Simon Perry, vice president of security strategy for Computer Associates, an anti-virus company in Islandia, N.Y., said Mydoom spread so fast because it took the opposite approach from the one most virus authors use, favoring language common to corporate e-mail messages over the promise of sexy photos of Anna Kournikova or "amazing screensaver programs."
"This virus uses a method that runs almost completely counter to everything people have been trained to look for over the last few years," Perry said.
Another problem is that many e-mail users continue to open attachments without knowing who sent them and what is in them, said Marty Lidner of the CERT Coordination Center, a government-funded computer security watchdog group at Carnegie Mellon University in Pittsburgh.
"The underlying fundamental issue is that this is still a user education problem that's clearly not going away until we really succeed in getting the message across," Lidner said.
--Washington Post Staff Writer Jonathan Krim contributed to this article.