Feeds

We're all MyDoomed

On the Google-bashing Zombie virus

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

A computer virus which affected the operation of Google yesterday is spreading like wildfire.

MyDoom-M (AKA MyDoom-O) has adopted a new trick of using search engines to find email addresses to target for infection. The worm queries search.lycos.com, search.yahoo.com, AltaVista, and Google in its attempts to harvest additional email addresses for possible distribution. Google blamed the virus after some users complained of search results turning up nothing but error messages.

User reports of problems with Google - along with problems accessing MSDN, Microsoft.com and Hotmail - poured into The Register yesterday afternoon. Netcraft, the Net monitoring firm, said it had noticed no performance problems with Microsoft.com and our inquiries to Akamai, which runs the content distribution network used by many Microsoft sites, also drew a blank. Microsoft said the worm did not affect its sites directly but may have affected the ability of some of its users to reach those sites.

Alex Shipp of email security firm MessageLabs, said early analysis of the worm has revealed nothing to suggest it targeted Microsoft sites directly. However, the volume of traffic generated by the worm may have downgraded system performance for many people, causing the problems observed by many of you.

MessageLabs blocked 23,000 copies of MyDoom-O within the first five hours of the worm's outbreak yesterday morning. Today anti-virus firm Symantec has upgraded the worm to a Level 4 threat (Level 5 is the most severe) due to increased submission rates.

Beware bogus security warning

Mydoom-O is a mass-mailing worm that opens a back door - Zincite-A - on port 1034/TCP of compromised PCs. This gives attackers remote, unauthorised access to infected PCs. MyDoom-O spreads aggressively through email, using its own SMTP engine. This mass mailing may clog mail servers and downgrade system performance.

The worm sends emails to addresses harvested from infected PCs as well as to email addresses it finds through search engines. The sender's From: email address is invariably forged, and therefore does not indicate the true identity of the sender. The subject and body of infected messages vary, but normally refer to bogus security warnings ostensibly from a user's own administrator. This social engineering ruse, although by no means new, helps explain MyDoom-O's wildfire spread.

Standard precautions apply to defending against the bug: update AV signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. As usual, MyDoom-O is a Windows-only menace. But security-conscious PC, Linux or Mac users are not wholly immune though, thanks to the blizzard of bounced and redirected messages generated as a result of MyDoom's spoofing behaviour. ®

Related stories

Google goes gimpy from MyDoom infection
Zombie PCs spew out 80% of spam
Mutant son of MyDoom plans three-pronged attack
Delivering the 12kb Bomb
MyDoom and NetSky cause chaos

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.