Topic: MY DOOM

[Clive]

No end in sight to Mydoom virus
 
More than a million computers could now be infected with the Mydoom virus, say experts.
The virulent program has also reached the number two position in the list of most active viruses of all time.

As well as causing havoc for many home and business users, the virus has also knocked offline the website of US software firm SCO.

Next in line for attack is the website of Microsoft which is due to come under attack from 3 February.

Record breaker

The estimate of infected machines comes from Finnish anti-virus firm F-Secure and reveals just how widespread Mydoom has become since it first appeared on 26 January.

In the few days since it appeared Mydoom.A, also known as Novarg or Shimgapi, has become the second most active virus of all time according to mail filtering firm MessageLabs which has now stopped more than 16m copies of the virus.

This puts it ahead of Klez.H, the virus in the number three slot on MessageLab's top ten. In 18 months Klez.H has racked up a total of 8m copies - a figure that Mydoom has beaten in less than a week.

As the virus is continuing its rampage across the net it could soon become the biggest virus of all time.

Heading the list of all time top viruses is Sobig.F of which MessageLabs has now caught more than 33m copies.

Most of the copies of Mydoom caught are of the original A-strain. The new variant, Mydoom.B, is classified as a low threat because it is not widespread.

This will come as a relief for Microsoft whose website is due to come under attack on 3 February from this version.

Bad clicks

Over the weekend the original strain subjected the website of Utah-based software firm SCO to an overwhelming barrage of traffic, known as a Distributed Denial of Service (DDoS) attack.

Infected computers were used to bombard the website with bogus data packages that utterly paralysed the site.

SCO has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.
 
For now SCO has set up a temporary website at www.thescogroup.com until the digital barrage on http://www.sco.com ends.

Security firms were keen to point out that although the DDoS attacks will end, the backdoor into infected PCs created by Mydoom will remain open indefinitely.

The virus has managed to spread so far and so fast thanks to the gullibility of many PC users.

The payload of the virus was concealed in an attachment made to look like it was a bounced e-mail message.

Many people opened up this attachment to find out which of their messages had supposedly not got through. Instead of seeing the text of a message they got garbled text and an infected PC.

One other sneaky trick that the virus plays is to fiddle with a PC's net settings to make some sites, mainly those of anti-virus firms, unreachable.


http://news.bbc.co.uk/1/hi/technology/3451059.stm
 
I'm receiving a steady stream of around 10 a day now.

[Simon]

I've been lucky, as I haven't received any since the four a few days ago.  I wonder how much more of this it will take to get M$ to include anti-virus protection in future versions of Windows?

[Clive]

Mydoom Author: 'Sorry'
January 30, 2004 (5:23 p.m. EST)
By Antone Gonsalves, TechWeb News

The Mydoom variant that joined the original virus in raising havoc on the Internet this week contains a cryptic message in which the author appears to apologize for the malicious code, security experts said Friday.
The creator of what anti-virus experts say is the fastest spreading virus ever on the Internet signed Mydoom and Mydoom.B with "andy," and left the following message in the latter version: "I'm just doing my job, nothing personal, sorry."

"Our interpretation is that he's apologizing to the general public," Jimmy Kuo, research fellow for anti-virus software maker Network Associates Technology Inc., said. "Our guess is that someone is paying him to write this thing."

Both Mydoom versions install a "backdoor" in infected PCs, enabling hackers to commandeer the machines to send spam, launch denial of service attacks or perform other nefarious acts.

Some experts, however, doubted the sincerity of the apology. Many virus writers leave cryptic messages in their code to tease investigating authorities and to pat themselves on the back for their handiwork.

"If he's really sorry, then why did he release it," Michele Morelock, technical support leader for anti-virus software maker Sophos Inc., based in Lynnfield, Mass., said. "I would imagine it's much more tongue-in-cheek than saying I'm really sorry for releasing it."

http://www.techweb.com/wire/story/TWB20040130S0011

[Simon]

He'll be bloody sorry if he gets caught!   >

[Clive]

For those who are interested, F-Secure, the firm that claims to have cracked the MyDoom virus in two hours, is blogging the MyDoom virus outbreak.

http://www.f-secure.com/weblog/

[Clive]

Mydoom virus starts to fizzle out
 
Slowly but surely the Mydoom virus is dying out.

Figures from mail filtering firm MessageLabs show that the number of copies of the virus being caught everyday are swiftly diminishing.

The peak day of infection was 28 January when 4.5m copies of the malicious program were caught.

But only 300,000 copies of the virus were caught on 3 February as people clean up compromised machines and stop them spewing out infected messages.

Clean start

Despite the slowdown Mydoom has already become the fastest spreading virus ever and looks set to challenge the Sobig.F program for the most active virus of all time.

 MYDOOM COPIES CAUGHT
27 January - 4.2m
28 January - 4.5m
29 January - 3.7m
30 January - 3.6m
31 January - 1.5m (Saturday)
1 February - 980,000 (Sunday)
2 February - 1.1m
3 February - 300,000
Source: MessageLabs  
Mydoom first emerged on 26 January and since then has infected machines in 214 countries according to MessageLabs. So far the firm has caught more 21m copies of Mydoom.

But the numbers it is catching every day are diminishing suggesting that the virus is now under control and home users and companies are bringing infected machines under control.

The virus did not rely on technical tricks to spread so far and wide, instead it played on the gullibility of users to open the e-mail message bearing it and click on the infected attachment.

Some versions of the virus posed as technical messages that claimed to contain the text of undelivered e-mail messages.

http://news.bbc.co.uk/1/hi/technology/3459363.stm

[Simon]

 Now they just have to catch the bugger!   >