MyDoom variant attacks Microsoft.com
PrintSame author, less damage
Posted in Malware, 28th January 2004 20:50 GMT
Free whitepaper – PowerEdge M610-M710 spec sheet
A variant of the prolific MyDoom worm which is programmed to attack both Microsoft.com and SCO's Web site has been unleashed.
Like its predecessor, MyDoom-B spreads via email or the KaZaA file-sharing network.
The worm made its first appearance this afternoon and is, so far, less common than MyDoom-A, according to Alex Shipp, senior AV technologist at mail filtering firm MessageLabs.
AV vendors are still analysing the malware.
Denis Zenkin, of Russian AV outfit Kaspersky Labs, told El Reg that he is convinced the variant was released by the same person or group responsible for the original virus.
Revamping a virus requires access to source code - which hasn't yet been published on virus-writing sites, according to Zenkin.
Kaspersky also reckons MyDoom-B is probably using machines infected by the original virus to propagate, another factor which points to the same perpetrator being behind both attacks.
AV vendors are in the process of updating protection to defend against the worm. For now probably the best advice is to treat unsolicited attachments with extreme scepticism. ®
Related Stories
SCO posts $250,000 worm bounty
Latest Email worm has SCO-facing payload
MyDoom is the worst virus ever
Viruses and hackers make Windows more secure - Gates
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Enabling the Agile Data Center
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive