MyDoom and Netsky cause chaos

Viral plagues pillage and burn

By ElectricNews.net • Get more from this author

Posted in Anti-Virus, 27th February 2004 10:14 GMT

Free whitepaper – Avoiding 7 common mistakes of IT security compliance

MyDoom.F and Netsky.C have been sweeping across the Internet, deleting files, hijacking PCs and apparently attacking the Microsoft and the RIAA Web sites.

Self-propagating e-mail bug MyDoom.F, which emerged last Friday, has been corrupting digital entertainment files and Microsoft Office documents. It also uses the host computer to launch a distributed denial of service (DDoS) attack against the Web sites of both Microsoft and the Recording Industry Association of America (RIAA). The RIAA, a lobbying group for the music industry, has drawn the hostility of computer users since it began suing on-line song swappers last year.

PandaLabs, which produces the Panda ActiveScan anti-virus software, said that Netsky.C reaches computers in an email message whose subject, message body and attached file are selected at random from a long list of options. When the attached file is run, Netsky.C copies itself to all the disk drives on the computer under the name WINLOGON.EXE.

The bug spreads by sending itself out to all e-mail addresses it finds in files with extensions such as .eml, .txt, .php, .htm, .wab and .msg. It does this using its own SMTP engine, the programme required to send emails between computers.

The worm also copies itself under a wide range of names to all the folders on the computer whose name contains the sequence of letters "shar." By doing this, it can also spread through file sharing applications like KaZaA.

Free whitepaper – Certify your software integrity with Thawte code signing certificates