Yahoo! News - Experts worry about Mydoom Internet worm after-effects
Fri Jan 30, 12:35 PM ET
WASHINGTON (AFP) - With half-a-million dollars in reward as a lure, computer users and security experts scrambled to curb the spread of the Mydoom computer worm amid concerns of serious after-effects from the world's worst Internet epidemic.
The original Mydoom bug was still propagating worldwide along with a variant called Mydoom.B that some said could be more dangerous but may not be spreading as quickly.
In Moscow, a top anti-virus firm said Friday that Russia was 80-percent likely to be the origin of the Mydoom worm and that the worm could be an attempt to distribute unsolicited spam mail.
The Russian security firm Kaspersky Labs said it had traced the first emails infected with Mydoom to addresses with Russian Internet providers.
"We have special software to monitor Internet traffic across the world. This detected that the first emails infected by the worm came from Russian providers," the firm's spokesman, Denis Zenkin, told AFP.
"But there is still a 20-percent chance that this was an attempt to mislead. Virus programmers from other countries could have registered an email address in Russia and transmitted their harmful programs via it," he added.
Indeed some experts saw the attacks against Microsoft and SCO, the Utah-based software vendor, as a diversion aimed at hiding the real goal -- to create email relays that can be re-sold to the spam industry.
The SoBig virus of last year "turned out to be piloted by members of organized crime which now use tools in a coordinated way created by spammers, virus instigators and hackers to spread their operations", according to Clusif, a group of information technology security systems.
Microsoft and SCO, the owner of the Unix operating system, have together offered 500,000 dollars in rewards for information leading to the arrest and prosecution of Mydoom's creators.
"This worm is a criminal attack," said Brad Smith, senior vice president and general counsel at Microsoft.
"Its intent is to disrupt computer users, but also to keep them from getting to anti-virus locations and other sites that could help them. Microsoft wants to help the authorities catch this criminal."
Alexander Gostiyev, a Kaspersky Labs expert, told a press conference in Moscow that the attack "was very well planned and prepared, perhaps for several months and at least 1,000 computers were infected in advance."
Kaspersky Labs, which describes itself as one of the world's top-10 anti-virus firms, said some 600,000 or so computers had been infected by the bug.
Mydoom spreads through e-mail attachments and downloads from the popular Kazaa file-sharing service, which lets Internet surfers share content such as games, movies and music.
Part of Mydoom's "success" is that it -- unlike many earlier bugs -- poses as an error note with the main text message attached, prompting users to open the attachment to read it, thereby inadvertently launching the virus.
"The truly worrying phenomenon with these new viruses is the spread of undetectable open access on users' machines, be it by Mydoom or old viruses," said Francois Paget, director of research at Network Associates.
He said it was leading to a large number of vulnerable machines since there were 20,000 attempts at creating open access on computers every month.
Consequently, Internet access providers are becoming ever more pressing in their recommendations to customers to equip themselves not only with anti-virus software but also a firewall to oversee traffic leaving the computer as well.
This is all the more important because of the explosion of high-speed connections, which means that ever more computers are being permanently left "on-line".
California-based Panda Software said Mydoom.A was still spreading rapidly, even though individual computer users may be seeing fewer infected e-mails.
It said one in every five e-mails is carrying this worm, making four million infected e-mails in circulation.
January 31, 2004 at 12:13 AM in Virus