Coriolis
02-17-2005, 05:14 PM
Call it the worm that simply will not die. Anti-virus vendors have begun issuing warnings that yet another variant of last year's notorious Mydoom is spreading fast.
This variant, Mydoom.AO or W32/Mydoom.bb@MM worm, also known as Mydoom.bb, uses Google, Altavista, Yahoo and Lycos to search for e-mail addresses in order to replicate itself; thus a single infected computer can distribute thousands of copies of the worm in just a few minutes, according to Panda Software CTO Patrick Hinojosa.
Like the other variants, this Mydoom installs a back door onto the infected computer, which makes it highly likely it is being spread by hackers who work for spammers and other Internet miscreants. "They are probably laying the groundwork for a spam attack or to look for credit card strings," he tells NewsFactor.
Proven Code
That is probably the disconcerting reason for Mydoom's persistence: It has been proven effective. "The Mydoom family was one of the most successful viruses ever," Sophos security consultant Graham Cluley tells NewsFactor. That is why it keeps getting repackaged and released.
Compared to the earlier variants, he says, Mydoom.AO is spreading at a relatively slow pace. "It is spreading faster than anything we have seen in recent weeks, but nothing compared to the significant numbers of earlier attacks," he says.
How It Works
According to Panda Software, after Mydoom.AO finds a likely e-mail address, it attempts to trick users by pretending to be a mail delivery error message.
The name of the attached file that actually contains the worm is chosen at random and has one of the following extensions: ZIP, COM, SCR, EXE, PIF, BAT or CMD.
Riding the Search Engine
This is not the first time a virus has made use of a search engine in order to spread. According to Luis Corrons, director of PandaLabs, Mydoom.N was the first virus to use this strategy. "This new worm is following in its footsteps," he says.
Virus creators are finding Internet search engines a powerful tool for rapidly spreading malicious code. This tactic effectively multiplies the propagation capacity of a virus, and it is therefore likely that we will see more of the same.
(Source - http://enterprise-security-today.newsfactor.com/)
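The disguise described under "How It Works", turned into a mail-gateway check. This is an added example, not part of the original post or any vendor's code. The extension list is the article's; the bounce markers, verdict names and helper names are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions the article lists for this variant.
LISTED = {".zip", ".com", ".scr", ".exe", ".pif", ".bat", ".cmd"}
# Assumed bounce markers (not from the article); tune them to your own mail flow.
BOUNCE_HINTS = ("delivery", "undeliverable", "returned mail", "mailer-daemon")

def ext(name):
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""

def listed_attachments(msg):
    """Names of attachments, or of members inside a ZIP, with a listed extension."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ext(name) != ".zip":
            hits += [name] if ext(name) in LISTED else []
            continue
        try:
            data = part.get_payload(decode=True) or b""
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [f"{name}!{m}" for m in zf.namelist() if ext(m) in LISTED]
        except zipfile.BadZipFile:
            hits.append(f"{name}!<unreadable>")
    return hits

def classify(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    bounce_like = any(h in text for h in BOUNCE_HINTS)
    # A genuine delivery status notification (RFC 3464) is multipart/report.
    is_dsn = (msg.get_content_type() == "multipart/report"
              and (msg.get_param("report-type") or "").lower() == "delivery-status")
    hits = listed_attachments(msg)
    if bounce_like and hits:
        return "quarantine", hits
    if bounce_like and not is_dsn:
        return "review", hits
    return "pass", hits  # not this lure; other gateway policy still applies

def sample(sender, subject, filename, payload):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.test", subject
    m.set_content("The original message is attached.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

`classify` takes the raw bytes of one message and returns a verdict plus the attachment names that matched.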