The Register® — Biting the hand that feeds IT

MyDoom variant attacks Microsoft.com

Same author, less damage

A variant of the prolific MyDoom worm, programmed to attack both Microsoft.com and SCO's Web site, has been unleashed.

Like its predecessor, MyDoom-B spreads via email or the KaZaA file-sharing network.

The worm made its first appearance this afternoon and is, so far, less common than MyDoom-A, according to Alex Shipp, senior AV technologist at mail filtering firm MessageLabs.

AV vendors are still analysing the malware.

Denis Zenkin, of Russian AV outfit Kaspersky Labs, told El Reg that he is convinced the variant was released by the same person or group responsible for the original virus.

Revamping a virus requires access to source code - which hasn't yet been published on virus-writing sites, according to Zenkin.

Kaspersky also reckons MyDoom-B is probably using machines infected by the original virus to propagate, another factor which points to the same perpetrator being behind both attacks.

AV vendors are in the process of updating protection to defend against the worm. For now, probably the best advice is to treat unsolicited attachments with extreme scepticism. ®
