MyDoom spawns four small offshoots
Takeaway: Four minor copies of the program surface, which may indicate that a more lethal MyDoom is on the way, according to some experts.
Stay on top of the latest tech news with our free IT News Digest e-newsletter, delivered each weekday. Automatically sign up today!By
Robert Lemos
CNET News.com
Security experts warned on Friday that several new versions of MyDoom have surfaced on the Internet, suggesting that worm writers are taking a stab at improving the venerable virus.
The viruses are largely alike: They are designed to spread by attaching copies of the program to e-mail messages and download additional features from compromised Web sites. Moreover, they are all difficult to clean from an infected Microsoft Windows-based PC, because they stop the system from connecting to antivirus Web sites to download updates.
The fact that several similar variations of MyDoom have been released in quick succession suggest that a more lethal version may be in the works, said Sam Curry, vice president of product management for Computer Associates International's eTrust software.
"We saw similar behavior with the Bagle virus--three or more variants of a virus...were all low, but then they were followed by a high-threat virus," he said. "We are pretty much on alert now through the weekend, and we are recommending that people be careful with e-mail."
The original MyDoom appeared in January. It spread quickly as a malicious attachment carried by spam e-mail. At the time, some antivirus vendors declared the program the worst mass-mailing computer virus to hit Internet users. It is programmed to set off data floods that target Web sites belonging to Microsoft and the SCO Group, a company that has claimed ownership of key technology in the Linux operating system.
Recent versions of the virus have renewed attacks on Microsoft, containing messages that have asked for a job in the security industry.
The inclusion of antiremoval code in the MyDoom offshoots that emerged Friday could be a sign that spammers and others in the Internet underground want to gain control of vast numbers of PCs, said Alfred Huger, senior director of security response at Symantec, an antivirus company.
"I think we are looking at someone looking to do a real-estate grab," he said. "The virus seems to be about getting new hosts and keeping them."
Another plausible theory is that the writer or writers behind the malicious program are tweaking its abilities and testing the result, Huger noted.
"It is entirely likely that (iterative development) is going on or that the source has been released to a new group of people," he said.
That could mean that a bigger Doom is on the way, he said.
Print/View all Posts Comments on this article
 Do you think your network is safe from a MyDoom infection?Jason Hiner  | 09/13/04 |
SponsoredWhite Papers, Webcasts, and Downloads
- Case Study: GHS Data Management - Improving Data Protection and Storage Reliability for Critical Databases Dell EqualLogic
- Sprint DataLink for Wireless WAN Fact Sheet Sprint
- IBM Multiform Master Data Management: The evolution of MDM applications IBM
- IBM pureXML for SOA: Unlocking the business value of information IBM
- Advances in Data Warehouse Performance: I/O Elimination in DB2 IBM
Article Categories
- Security
- Security Solutions, IT Locksmith
- Networking and Communications
- E-mail Administration NetNote, Cisco Routers and Switches
- CIO and IT Management
- Project Management, CIO Issues, Strategies that Scale
- Desktops, Laptops & OS
- Windows 2000 Professional, Microsoft Word, Microsoft Excel, Microsoft Access, Windows XP,
- Data Management
- Oracle, SQL Server
- Servers
- Windows NT, Linux NetNote, Windows Server 2003
- Career Development
- Geek Trivia
- Software/Web Development
- Web Development Zone, Visual Basic, .NET
