MyDoom variant attacks Microsoft.com
Same author, less damage
Posted in Anti-Virus, 28th January 2004 20:50 GMT
A variant of the prolific MyDoom worm which is programmed to attack both Microsoft.com and SCO's Web site has been unleashed.
Like its predecessor, MyDoom-B spreads via email or the KaZaA file-sharing network.
The worm made its first appearance this afternoon and is, so far, less common than MyDoom-A, according to Alex Shipp, senior AV technologist at mail filtering firm MessageLabs.
AV vendors are still analysing the malware.
Denis Zenkin, of Russian AV outfit Kaspersky Labs, told El Reg that he is convinced the variant was released by the same person or group responsible for the original virus.
Revamping a virus requires access to source code - which hasn't yet been published on virus-writing sites, according to Zenkin.
Kaspersky also reckons MyDoom-B is probably using machines infected by the original virus to propagate, another factor which points to the same perpetrator being behind both attacks.
AV vendors are in the process of updating protection to defend against the worm. For now probably the best advice is to treat unsolicited attachments with extreme scepticism. ®
Related Stories
SCO posts $250,000 worm bounty
Latest Email worm has SCO-facing payload
MyDoom is the worst virus ever
Viruses and hackers make Windows more secure - Gates
Securing your Online Data Transfer with SSL
The Botnet Threat
Extended Validation SSL Certificates
Spam Spikes: A Real Risk to Your Business

Netbooks and Mini-Laptops
How the fate of the US economy rests on a Dell workstation
How many terabytes can you fit on a 2.5-inch hard drive?
China's nonstop music machine