Tricky 'MyDoom' e-mail worm spreading quickly
Worm launches attack on site for Unix-owner SCO Group
By Jeordan Legon
|WHAT IS A WORM?|
A program that makes copies of itself -- for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism.
|WARD OFF WORMS|
Aside from installing anti-virus software, Symantec suggests these tips to guard against computer worms:
Don't open e-mail from an unknown source.
Only open expected e-mail attachments.
Don't automatically open e-mail attachments.
Don't download programs from Web sites, unless you know and trust the source.
Update your anti-virus software at least every two weeks.
(CNN) -- Hackers unleashed an agile worm Monday -- using a sneaky, fairly new tactic to get unsuspecting computer users to diffuse their malicious code.
Dubbed "W32/MyDoom" or "Novarg," the worm circulated so fast anti-virus firms quickly raised threat warnings to "high" saying the bug was one of the worst in recent months.
The worm is contained in e-mails with random senders' addresses and subject lines. While the body of the e-mail varies, it usually includes what appears to be an error message, such as: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
While many computer users are savvy about not opening executable files or other attachments that may contain viruses, the latest worm masks itself as an innocuous text document or a file that your computer appears unable to read.
"This one is almost begging you to click on the attachment," said Sharon Ruckman, the head of anti-virus firm Symantec's security response team.
When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself and installs a "keystroke" program that allows a hacker to break in and record everything being typed, including passwords and credit card numbers.
The worm sends out a slew of messages that forced some companies to shut down their e-mail gateways to stop the infection, said Vincent Gullotto, who runs Network Associates' McAfee Anti-Virus Emergency Response Team.
MyDoom also appeared to launch a Denial of Service attack on the site for SCO Group, a Utah company which recently sued IBM, challenging that firm's intellectual property in parts of Linux. SCO.com was inaccessible for some time Monday afternoon.
Anti-virus experts said MyDoom was on track to hit even more machines than Nimda, a 2001 worm that spread widely with an attachment that read "Readme.exe."
This time, besides the "binary attachment" message, MyDoom comes with all different file extensions including .pif, .zip and .csr. It also uses an attachment icon similar to one used for Windows text messages. All of this, security experts warn, was succeeding in tricking people into thinking the e-mail was legitimate.
After a relative lull in the number of viruses distributed during the holidays, anti-virus experts expected a hectic Tuesday as office workers fired-up their computers and unwittingly spread the worm.
Two other less prominent worms, Mimail.Q and Dumaru, were also making their way around the Internet.
Mimail.Q changes the body and attachment over time, but, for now, some of the e-mails containing the worm used the subject line: "Hi my sweet Nancy."
Dumaru comes with the subject line "Important information for you. Read it immediately!" and includes an attachment called myphoto.zip.
"The virus writers [are] ... back from vacation and they've started pushing out their creations," Gullotto warned.