January 28, 2004

MyDoom virus attack poses 'critical threat' to internet

Times Online - Newspaper Edition

By Ellen Connolly

THE MyDoom computer virus has overtaken the Sobig.F bug as the largest virus outbreak, clogging the internet with millions of infected e-mails in its first 36 hours and prompting the FBI to mount an investigation.
“It’s already taken over from Sobig and doesn’t look like slowing, or plateauing, until probably Friday,” Natasha Staley, information security analyst of MessageLab, UK headquarters, said yesterday. “In the first 24 hours we intercepted one million of Sobig compared to MyDoom, where we’ve intercepted 1.2 million, so that’s an indication of the degree of penetration.”

The Sobig.F virus, which struck in August, caused more than 300 million infected e-mails to be sent during its first week.

Mikko Hyppoenen, the head of anti-virus research at the Finnish virus security company F-Secure, said that MyDoom has generated more than 100 million infected e-mails.

Normally computer virus outbreaks wane after 24 hours, when most computer users have had a chance to update their anti-virus protection software, but yesterday, 36 hours after being first detected in Russia, the MyDoom outbreak continued its spread. It was not expected to tail off until tomorrow.

Scott Chasin, the chief technology officer at the United States-based security firm MX Logic, described MyDoom as a critical threat. He said yesterday that the company had seen a peak at 1,200 infected e-mails per second.

The MyDoom virus outbreak, also known as Novarg, erupted late on Monday, during normal office hours in North America. As a result, most of the infected computers and e-mail traffic are in Canada and the United States.

Some analysts said that users are opening the attachments and spreading the virus because the e-mails appear innocuous, sometimes referring to failed mail deliveries.

The virus arrives on e-mails with messages such as: "Mail transaction failed. Partial message is available." If the user opens the accompanying file, the virus, W.32.Novarg.A@mm, is activated and sends a copy of itself to everyone in the address book.

Ms Staley said that while home computer users were likely to be the most affected, some businesses in Britain and the US would have suffered significant financial loss.

Mikael Albrecht, of F-Secure, said that the virus's main purpose was to attack and overload the website of one of the world's biggest vendors of the Unix operating system, a competitor of Microsoft Windows.

SCO Group, the Unix operating system owner, said that it was offering a $250,000 (£136,000) reward for information leading to the arrest and prosecution of the virus creators.

The bug's secondary function is to provide its author with a back door to the infected computers to control them remotely, possibly to co-ordinate an attack, he said.

An FBI spokesman said that it was actively investigating the MyDoom worm to find out where it had originated. "We have not done a full assessment, but it's serious enough to warrant the FBI to look into this," he said.

January 28, 2004 at 08:16 PM in Security