Fun with the W32/MyDoom virus.

Dave talked about it so I figured I’d toss up something about it as well. Goodness knows it’s certainly got the anti-virus group at my company all up in arms today, having received four urgent pages on the issue already.

There seems to be some confusion over exactly what to call this new scourge: in addition to the name “W32/MyDoom” it’s also been labeled “Novarg” and/or a “Mimail” variant depending on which anti-virus company you’re talking to. It certainly doesn’t help that two other worms called “Mimail.Q” and “Dumaru” are also making the rounds lately, though not as quickly as this new one. The main goal of MyDoom appears to be to infect as many PCs as possible for an upcoming distributed denial of service (DDOS) attack against the SCO Group’s domain, that being the “most hated company in tech” mentioned in my previous entry. It also installs a key-logger on your system, leaving you vulnerable to exposing passwords, credit card numbers and other data to the hackers who wrote it. Plus it mails itself like crazy to every email address it can find, which is why the Net has been so sluggish lately. MyDoom is rather clever in getting folks to launch it as well:

CNN.com – Tricky ‘MyDoom’ e-mail worm spreading quickly – Jan. 27, 2004

The worm is contained in e-mails with random senders’ addresses and subject lines. While the body of the e-mail varies, it usually includes what appears to be an error message, such as: “The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.”

While many computer users are savvy about not opening executable files or other attachments that may contain viruses, the latest worm masks itself as an innocuous text document or a file that your computer appears unable to read.

“This one is almost begging you to click on the attachment,” said Sharon Ruckman, the head of anti-virus firm Symantec’s security response team.

Anti-virus experts said MyDoom was on track to hit even more machines than Nimda, a 2001 worm that spread widely with an attachment that read “Readme.exe.”

This time, besides the “binary attachment” message, MyDoom comes with all different file extensions including .pif, .zip and .csr. It also uses an attachment icon similar to one used for Windows text messages. All of this, security experts warn, was succeeding in tricking people into thinking the e-mail was legitimate.

Naturally the lesson here is to not open attachments you don’t recognize from people you don’t know. You should also have an anti-virus scanner installed on your PC that is up-to-date. Even if you can’t afford, or don’t want to spend money on, such software you don’t have an excuse, as there are several free anti-virus programs out there you could use. While they may not update their definition (DAT) files as quickly as the big boys do, they still offer decent protection. Here are a few I’ve used from time to time:

It bears repeating that if you’re on the Net (and if you’re reading this you ARE on the Net) and you run a version of Windows but don’t have some form of anti-virus installed, then you’re asking for trouble.
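As an added illustration (my own code, not from the post or the CNN article), here is a small mail-filter heuristic in Python that flags messages matching the lure described above: the fake “7-bit ASCII” bounce text combined with an attachment carrying an executable extension, or a .zip wrapping one. The list of executable extensions and the sample message are my own assumptions and constructed test data, not values taken from the post.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Wording of the fake bounce notice quoted in the post, lower-cased for matching.
LURE_TEXT = "cannot be represented in 7-bit ascii"
# Extensions Windows runs on double-click (my assumption, not a list from the post).
EXEC_EXTENSIONS = {".exe", ".pif", ".scr", ".bat", ".cmd", ".com"}

def risky_name(filename):
    """True if the filename ends in an extension Windows treats as executable."""
    return any(filename.lower().endswith(ext) for ext in EXEC_EXTENSIONS)

def assess_message(raw_bytes):
    """Return the reasons a raw RFC 822 message looks like a MyDoom-style lure."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and LURE_TEXT in body.get_content().lower():
        reasons.append("body carries the fake 7-bit ASCII bounce text")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if risky_name(name):
            reasons.append(f"executable attachment: {name}")
        elif name.lower().endswith(".zip"):
            # The worm also arrived zipped; look inside for an executable.
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    inner = [n for n in zf.namelist() if risky_name(n)]
            except zipfile.BadZipFile:
                inner = []
            if inner:
                reasons.append(f"zip {name} wraps executable: {inner[0]}")
    return reasons

def build_sample(attachment_name, attachment_bytes):
    """Construct a test message that mimics the lure (constructed data, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"  # the real worm forged random senders
    msg.set_content("The message cannot be represented in 7-bit ASCII encoding "
                    "and has been sent as a binary attachment.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()

def zipped(inner_name):
    # Build an in-memory zip holding one dummy file, for the zipped-attachment case.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"not a real program")
    return buf.getvalue()
```

A real gateway would pair this with signature scanning; the heuristic only catches the social-engineering pattern, which is why the bounce text plus attachment type is scored together rather than either alone.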

4 thoughts on “Fun with the W32/MyDoom virus.”

  1. I run a few different virus and trojan scanners and some of them are having a hard time when the nasty bits are zipped up. Of course, once you try to unzip it (I know, I’m an idiot because I test how good my anti-virus stuff is by deliberately trying to infect myself) the red lights start flashing.

    I dunno, though… part of me says that anyone who gets a virus in this day and age probably deserves it. If you’re too oblivious to scan for viruses you don’t deserve to have a working computer.

  2. You could also add the use of a firewall as well, especially for those on a broadband connection. It is amazing to me how many people will open anything that comes in and haven’t the slightest idea of updating their anti-virus software: “Update? You mean I have to update?”

  3. Daniel, I do agree a firewall is worthwhile, but for now I’d be happy if we could just get the amount of folks using a current virus scanner up to a decent level.

    Natalie, the only reason I’m not of the if-they-don’t-use-a-scanner-they-get-what-they-deserve mindset is the simple fact that it’s not just themselves they’re hurting anymore. These damned things generate so much mail that they affect me not just in the amount of bounced messages I never sent, but in slowing down the Net in general with all the crap flying around and DDOS attacks being launched. Them being stupid is affecting all of us so it behooves me to try and educate/shame them.

  4. Good point, Les. I guess I tend to get a little “ivory tower” about the whole thing since I’m behind a firewall AND a Linux box. And I still don’t feel truly safe running Windows, sigh.
