Experts warn more lethal version could be in the works…
By Robert Lemos
Published: 13 September 2004 09:15 GMT
Security experts have warned that several new versions of MyDoom have surfaced on the internet, suggesting that worm writers are taking a stab at improving the venerable virus.
The viruses are largely alike: They are designed to spread by attaching copies of the program to email messages and download additional features from compromised websites. Moreover, they are all difficult to clean from an infected Microsoft Windows-based PC, because they stop the system from connecting to antivirus websites to download updates.
The fact that several similar variations of MyDoom have been released in quick succession suggest that a more lethal version may be in the works, said Sam Curry, VP of product management for Computer Associates International's eTrust software.
"We saw similar behaviour with the Bagle virus - three or more variants of a virus...were all low, but then they were followed by a high-threat virus," he said. "We are pretty much on alert now through the weekend, and we are recommending that people be careful with email."
The original MyDoom appeared in January. It spread quickly as a malicious attachment carried by spam email. At the time, some antivirus vendors declared the program the worst mass-mailing computer virus to hit internet users. It is programmed to set off data floods that target websites belonging to Microsoft and the SCO Group, a company that has claimed ownership of key technology in the Linux operating system.
Recent versions of the virus have renewed attacks on Microsoft, containing messages that have asked for a job in the security industry.
The inclusion of anti-removal code in the MyDoom offshoots that emerged last Friday could be a sign that spammers and others in the internet underground want to gain control of vast numbers of PCs, said Alfred Huger, senior director of security response at Symantec.
"I think we are looking at someone looking to do a real-estate grab," he said. "The virus seems to be about getting new hosts and keeping them."
Another plausible theory is that the writer or writers behind the malicious program are tweaking its abilities and testing the result, Huger noted.
"It is entirely likely that [iterative development] is going on or that the source has been released to a new group of people," he said.
That could mean that a bigger Doom is on the way, he said.
Robert Lemos writes for CNET News.com
The person selected will receive a full and comprehensive training program along with a mentoring scheme so previous experience is not needed. This ...
The systems development team is responsible for a variety of existing internal and external Websites and systems that are under a rolling program of ...
Connect Group is very proud to be working with this client again after previous successful contract placements; this time round our client is looking ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...
Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech