MyDoom Computer Virus
A variant of the Mydoom computer virus that infected 300,000 computers in February 2004 is spreading rapidly again through e-mail.
MyDoom.O is a mass-mailing worm with its own SMTP engine that sends e-mail to addresses harvested from infected machines. The sender's From: address is forged and therefore does not indicate the true origin of the message. MyDoom.O may also spoof the mailer-daemon@ address, which is normally used to signal a delivery failure, which strengthens its social-engineering lure. The executable is approximately 27,648 bytes in size, is packed with UPX v1.0x, and is delivered inside a ZIP attachment.
The virus uses Google, Yahoo Inc. and other search engines to find e-mail addresses, Symantec said. It hides in e-mails that arrive at a user's desktop disguised as an error message. Opening the attachment spreads the worm via e-mail to others.
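The indicators above (a From: address that mimics mailer-daemon@, a ZIP attachment carrying an executable, a file of roughly 27,648 bytes, UPX packing) can be checked at the mail gateway. The following triage script is an added example and is not code from the original article or from Symantec; the sample message, the "UPX!" marker heuristic, the size tolerance and the executable-extension list are assumptions made here.

```python
"""Triage heuristics for MyDoom.O-style mass-mailer messages.

Added example; not code from the original article. The indicators follow the
article's description of the worm: a forged From: header that may mimic the
mailer-daemon@ address, a ZIP attachment carrying the executable, a file of
roughly 27,648 bytes, and UPX packing. The sample message, the "UPX!" marker
heuristic, the size tolerance and the extension list are assumptions.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

EXPECTED_SIZE = 27648          # from the article: "approximately 27,648 bytes"
SIZE_TOLERANCE = 512           # assumed slack for "approximately"
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".cmd", ".bat")  # assumed list

# Constructed sample payload: a stand-in for the packed executable. It starts
# with the PE "MZ" magic and carries the "UPX!" marker that the UPX packer
# writes into its output; it is not a real program.
FAKE_PACKED_EXE = (b"MZ" + b"\x00" * 62 + b"UPX!").ljust(EXPECTED_SIZE, b"\x00")


def build_sample_message(attachment: bytes, sender: str,
                         entry_name: str = "message.exe") -> bytes:
    """Build a raw message with one ZIP attachment (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(entry_name, attachment)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.test"
    msg["Subject"] = "Mail delivery failed"
    msg.set_content("The original message was included as attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Return which MyDoom.O indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    hits = {
        "spoofed_mailer_daemon": "mailer-daemon@" in sender,
        "zip_with_executable": False,
        "upx_marker": False,
        "size_matches": False,
    }
    for part in msg.iter_attachments():
        if part.get_content_type() != "application/zip":
            continue
        data = part.get_payload(decode=True)
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            continue                      # corrupt archive: nothing to inspect
        for info in zf.infolist():
            if not info.filename.lower().endswith(EXEC_EXTENSIONS):
                continue
            hits["zip_with_executable"] = True
            body = zf.read(info)          # decompressed in memory only, never written to disk
            hits["upx_marker"] |= body[:2] == b"MZ" and b"UPX!" in body[:1024]
            hits["size_matches"] |= abs(len(body) - EXPECTED_SIZE) <= SIZE_TOLERANCE
    hits["score"] = sum(1 for v in hits.values() if v is True)
    return hits


if __name__ == "__main__":
    print(triage(build_sample_message(FAKE_PACKED_EXE, "MAILER-DAEMON@example.test")))
```

The score is deliberately additive rather than a single signature match: a forged mailer-daemon@ sender alone is common in legitimate bounces, but combined with an archived executable of the expected size it is a strong quarantine signal.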
Did you see this message?

On 25 July 2004 Google came under what amounted to a denial-of-service attack: computers infected by the new MyDoom variant generated millions of additional queries to Google, producing error messages for some users. The attack uses a new technique designed to spread the worm as quickly as possible. It is customary for computer viruses to search an infected computer for e-mail addresses and then send themselves to those addresses in an attempt to spread quickly.
The new version of MyDoom goes one step further: for each domain name it finds on an infected computer, it submits a Google search and lifts e-mail addresses out of the results. Infected computers typically hold about 1,000 e-mail addresses, so each infection can generate as many as 1,000 queries to Google.
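Because a single infected host issues hundreds of search queries in a short time, the behaviour stands out in proxy logs even without any mail-side signature. The sliding-window detector below is an added example, not code from the article; the log format, the search-engine host names, the one-minute window and the threshold of 50 queries are assumptions, and the log lines are constructed.

```python
"""Rate-based detection of worm-driven search-engine query floods.

Added example; not from the article. It reflects the article's description of
MyDoom.O issuing up to about 1,000 search queries per infected host. The log
format ("<iso-timestamp> <client-ip> <method> <url> <status>"), the list of
search hosts, the window and the threshold are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

SEARCH_HOSTS = {"www.google.com", "search.yahoo.com"}  # assumed; extend as needed
WINDOW_SECONDS = 60
THRESHOLD = 50        # assumed: a person rarely runs 50 searches in one minute


def parse_line(line: str):
    """Split one proxy log line into (timestamp, client, split URL)."""
    ts, client, _method, url, _status = line.split()
    return datetime.fromisoformat(ts), client, urlsplit(url)


def is_search_query(parts) -> bool:
    """True for requests to a search endpoint on a known search engine."""
    return parts.hostname in SEARCH_HOSTS and parts.path.startswith("/search")


def flag_hosts(lines, threshold=THRESHOLD, window=WINDOW_SECONDS) -> dict:
    """Return {client: peak queries in any window} for clients over threshold."""
    per_client = defaultdict(list)
    for line in lines:
        ts, client, parts = parse_line(line)
        if is_search_query(parts):
            per_client[client].append(ts)
    flagged = {}
    for client, times in per_client.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            # advance the window start until it spans at most `window` seconds
            while (times[end] - times[start]).total_seconds() > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[client] = peak
    return flagged


def constructed_sample_log() -> list:
    """Constructed log: one host querying twice a second, one browsing normally."""
    base = datetime(2004, 7, 26, 10, 0, 0)
    lines = []
    for i in range(120):  # infected host: 120 searches inside one minute
        t = base + timedelta(milliseconds=500 * i)
        lines.append(f"{t.isoformat()} 10.0.0.5 GET "
                     f"http://www.google.com/search?q=%40example.test 200")
    for i in range(3):    # ordinary user: three searches in a minute
        t = base + timedelta(seconds=20 * i)
        lines.append(f"{t.isoformat()} 10.0.0.9 GET "
                     f"http://www.google.com/search?q=weather 200")
    lines.append(f"{base.isoformat()} 10.0.0.9 GET http://www.google.com/ 200")
    return lines


if __name__ == "__main__":
    print(flag_hosts(constructed_sample_log()))
```

Counting only requests to the search endpoint, rather than all traffic to the search engine's domain, keeps ordinary page loads from inflating the count; the threshold should be tuned against a baseline of the organisation's own proxy logs before alerting on it.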
The rivalry between the NetSky gang and the MyDoom gang became clear to anti-virus experts earlier in the year when Jaschan's NetSky virus was unleashed on the Net, designed to hunt down and destroy MyDoom and another pesky virus, "Bagle". Bagle and MyDoom infections had been programmed to take control of vulnerable PCs and turn them into spam machines that spit out streams of junk e-mail.
MyDoom in the news:
A volley of new MyDoom viruses has hit the Internet, including the most recent "MyDoom.Y", which carries a file attachment with a mugshot of accused German virus author Sven Jaschan, believed to be one of the authors of the NetSky virus. Now it appears rival programmers are exulting in his downfall and using their favourite calling card, a tenacious computer virus dubbed "MyDoom", to mock their vanquished foe. September 2004.
The new MyDoom virus now uses the Yahoo people search engine to find new victim addresses. The MyDoom virus normally spreads via e-mail, with a fake sender address and a variety of different subject lines. The body of an infected e-mail contains random sentences, some of which refer to the attached ZIP file that contains the viral code. Once opened, this payload file copies itself to the Windows system directory as "winlibs.exe". The executable contains a list of dozens of common first names and surnames that it puts through Yahoo's 'People Search' function in an attempt to find more e-mail addresses to target for infection. It also scours files on the infected user's hard drive for potential future victims. August 2004.
Computers compromised by the MyDoom.O virus, which earlier this week disrupted four search engines including Google's, are being used by a new worm to launch an attempted denial-of-service attack on Microsoft's website. Once a computer is infected with the follow-up Zindos worm, which spreads via the backdoor opened by MyDoom.O, it launches a denial-of-service attack against microsoft.com. (Comment: Microsoft has anti-DoS routers in place, so any disruption is probably temporary.) July 2004.
Available Cleaner/Remover: Microsoft Zapper