Feeds

We're all MyDoomed

On the Google-bashing Zombie virus

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

A computer virus which affected the operation of Google yesterday is spreading like wildfire.

MyDoom-M (AKA MyDoom-O) has adopted a new trick of using search engines to find email addresses to target for infection. The worm queries search.lycos.com, search.yahoo.com, AltaVista, and Google in its attempts to harvest additional email addresses for possible distribution. Google blamed the virus after some users complained of search results turning up nothing but error messages.

User reports of problems with Google - along with problems accessing MSDN, Microsoft.com and Hotmail - poured into The Register yesterday afternoon. Netcraft, the Net monitoring firm, said it had noticed no performance problems with Microsoft.com and our inquiries to Akamai, which runs the content distribution network used by many Microsoft sites, also drew a blank. Microsoft said the worm did not affect its sites directly but may have affected the ability of some of its users to reach those sites.

Alex Shipp of email security firm MessageLabs, said early analysis of the worm has revealed nothing to suggest it targeted Microsoft sites directly. However, the volume of traffic generated by the worm may have downgraded system performance for many people, causing the problems observed by many of you.

MessageLabs blocked 23,000 copies of MyDoom-O within the first five hours of the worm's outbreak yesterday morning. Today anti-virus firm Symantec has upgraded the worm to a Level 4 threat (Level 5 is the most severe) due to increased submission rates.

Beware bogus security warning

Mydoom-O is a mass-mailing worm that opens a back door - Zincite-A - on port 1034/TCP of compromised PCs. This gives attackers remote, unauthorised access to infected PCs. MyDoom-O spreads aggressively through email, using its own SMTP engine. This mass mailing may clog mail servers and downgrade system performance.

The worm sends emails to addresses harvested from infected PCs as well as to email addresses it finds through search engines. The sender's From: email address is invariably forged, and therefore does not indicate the true identity of the sender. The subject and body of infected messages vary, but normally refer to bogus security warnings ostensibly from a user's own administrator. This social engineering ruse, although by no means new, helps explain MyDoom-O's wildfire spread.

Standard precautions apply to defending against the bug: update AV signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. As usual, MyDoom-O is a Windows-only menace. But security-conscious PC, Linux or Mac users are not wholly immune though, thanks to the blizzard of bounced and redirected messages generated as a result of MyDoom's spoofing behaviour. ®

Related stories

Google goes gimpy from MyDoom infection
Zombie PCs spew out 80% of spam
Mutant son of MyDoom plans three-pronged attack
Delivering the 12kb Bomb
MyDoom and NetSky cause chaos

The smart choice: opportunity from uncertainty

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.