johnbryanpeters
01-27-2004, 12:06 PM
January 26, Computerworld
A new e−mail worm has appeared on the Internet and is spreading rapidly, according to leading anti−virus companies. The worm, called W32/Mydoom, surfaced late Monday, January 26. "This worm is taking off like a rocket, with well over 20,000 interceptions in just 2 hours of it being discovered," Ken Dunham of iDefense Inc. said. The virus is also being called MiMail.R, Shimg, Novarg and Mydoom, althought it's not certain yet that this code is a variant of the MiMail virus, Dunham said. Mydoom carries varying subjects such as "HELLO" or a blank subject, as well as a variety of messages and attachments. When loaded, it calls up Notepad and displays random characters, while creating a copy of itself and modifying the infected machine's Windows registry to run the code upon start−up. It may open a TCP port to listen for commands from a remote attacker, according to Dunham. "It also attacks sco.com with a DDoS [denial−of−service] attack," said a statement from F−Secure. It can spread by both e−mail and the Kazaa file−sharing system, several anti−virus vendors said. Computer Associates International Inc.'s research labs received 11 copies of the new worm almost simultaneously today, indicating a rapidly spreading infection. The Mercury News reports that Vincent Gullotto of McAfee AVERT said the company had received reports from some companies receiving MyDoom e−mails at rates as great as 1,000 a minute. He added at as many as six Fortune 500 companies have been affected.
Source:
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89449,00.html
A new e−mail worm has appeared on the Internet and is spreading rapidly, according to leading anti−virus companies. The worm, called W32/Mydoom, surfaced late Monday, January 26. "This worm is taking off like a rocket, with well over 20,000 interceptions in just 2 hours of it being discovered," Ken Dunham of iDefense Inc. said. The virus is also being called MiMail.R, Shimg, Novarg and Mydoom, althought it's not certain yet that this code is a variant of the MiMail virus, Dunham said. Mydoom carries varying subjects such as "HELLO" or a blank subject, as well as a variety of messages and attachments. When loaded, it calls up Notepad and displays random characters, while creating a copy of itself and modifying the infected machine's Windows registry to run the code upon start−up. It may open a TCP port to listen for commands from a remote attacker, according to Dunham. "It also attacks sco.com with a DDoS [denial−of−service] attack," said a statement from F−Secure. It can spread by both e−mail and the Kazaa file−sharing system, several anti−virus vendors said. Computer Associates International Inc.'s research labs received 11 copies of the new worm almost simultaneously today, indicating a rapidly spreading infection. The Mercury News reports that Vincent Gullotto of McAfee AVERT said the company had received reports from some companies receiving MyDoom e−mails at rates as great as 1,000 a minute. He added at as many as six Fortune 500 companies have been affected.
Source:
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89449,00.html