
'Mydoom' Computer Infections Still Climbing



Experts said the worm appears to carry instructions allowing its authors to gain access to infected computers.

Perry said the worm appears to be designed to target corporate networks, harvesting potential victims from the vast stores of internal and external e-mail that reside on corporate networks.

"Mydoom managed a deep infestation of businesses Monday, and now we're starting to see an immense surge of infections on the home user front," Perry said.

Mydoom sends itself out to all of the e-mail addresses it finds on the infected computer, faking the "From:" address. It also adds random data to the addresses, generating additional traffic to overwhelm e-mail servers.

Computers infected with Mydoom also are programmed to send large amounts of data to the Web site of The SCO Group, a Lindon, Utah-based company that claims ownership over portions of the widely used Linux open-source operating system. SCO is pursuing legal action against IBM Corp. and other companies, asserting that Linux includes portions of the Unix operating system to which it claims copyright ownership. The open-source community disputes SCO's claims on Linux.

The Mydoom worm is slated to begin a 12-day denial-of-service attack on SCO's Web site starting this Sunday. SCO officials did not return calls for comment. The company's Web site was down through much of Tuesday morning.

Computer security experts said Mydoom is spreading rapidly because it uses several layers of "social engineering" -- subtle means of psychological persuasion -- to get people to open the attachment.

The attached file -- which arrives as an innocuously named file such as "," "," or "," -- contains a program that, when opened, immediately plants a "backdoor" program that lets the virus writer upload files to the infected machine.

Simon Perry, vice president of security strategy for Computer Associates, an anti-virus company in Islandia, N.Y., said Mydoom spread so fast because it took the opposite approach from the one most virus authors use, favoring language common to corporate e-mail messages over the promise of sexy photos of Anna Kournikova or "amazing screensaver programs."

"This virus uses a method that runs almost completely counter to everything people have been trained to look for over the last few years," Perry said.

Another problem is that many e-mail users continue to open attachments without knowing who sent them and what is in them, said Marty Lidner of the CERT Coordination Center, a government-funded computer security watchdog group at Carnegie Mellon University in Pittsburgh.

"The underlying fundamental issue is that this is still a user education problem that's clearly not going away until we really succeed in getting the message across," Lidner said.

--Washington Post Staff Writer Jonathan Krim contributed to this article.


© 2004 Washingtonpost.Newsweek Interactive
