[mswindowsxp] ALERT: Latest E-Mail Worm Said Spreading Fast

  • From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>, <nospam@xxxxxxxxxxxxx>,<windows2000@xxxxxxxxxxxxx>, <mswindowsxp@xxxxxxxxxxxxx>,<brainstem@xxxxxxxxxxxxxxx>
  • Date: Mon, 26 Jan 2004 21:40:04 -0500

Jim Kenzig

Latest E-Mail Worm Said Spreading Fast


By MATTHEW FORDAHL, AP Technology Writer

SAN JOSE, Calif. - A malicious program attached to seemingly innocuous
e-mails was spreading quickly over the Internet on Monday, clogging network
traffic and potentially leaving hackers an open door to infected personal
The worm, called "Mydoom" or "Novarg" by antivirus companies, appears to be
an e-mail error message. A small file is attached that, when launched on
computers running Microsoft Corp.'s Windows operating systems, can send out
100 infected e-mail messages in 30 seconds to e-mail addresses stored in the
computer's address book and other documents.

The attack was first noticed Monday afternoon. Within hours, thousands of
e-mails were clogging networks, said Vincent Gullotto, vice president of
Network Associates' antivirus emergency response team.

Besides sending out e-mail, the program appears to open up a backdoor so
that hackers can take over the computer at a later time.

"As far as I can tell right now, it's pretty much everywhere on the planet,"
Gullotto said.

Symantec, another antivirus company, also said the worm appeared to contain
a program that logs keystrokes on infected machines. It could collect
usernames and passwords of unsuspecting users and distribute them to

Network Associates did not find the keylogging program.

Symantec also found code that appeared to target The SCO Group Inc., which
claims some of its intellectual property has ended up in the Linux
operating system and is threatening lawsuits. SCO's Web site,
which has been targeted in the past, was available but sluggish late Monday.

The computer security firm Central Command confirmed 3,800 infections within
45 minutes of initial discovery.

"This has all the characteristics of being the next big one," said Steven
Sundermeier, Central Command's vice president of products and services.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by
promising nude pictures of celebrities or mimicking personal notes. Instead,
one of its messages reads: "The message contains Unicode characters and has
been sent as a binary attachment."

"Because that sounds like a technical thing, people may be more apt to think
it's legitimate and click on it," said Steve Trilling, Symantec's senior
director of research.

Subject lines also vary. The attachments have ".exe," ".scr," ".cmd" or
".pif" extensions, and may be compressed as a Zip file.

Microsoft offers a patch of its Outlook e-mail software to warn users before
they open such attachments or prevent them from opening them altogether.
Antivirus software also stops infection.

Christopher Budd, a security program manager with Microsoft, said the worm
does not appear to take advantage of any Microsoft product vulnerability.

"This is entirely a case of what we would call social engineering - enticing
users to take actions that are not in their best interest," he said.

He said the software giant was working with other companies to learn more
about the worm, but that, as of yet, the information about the worm was
still "very spotty." The Redmond, Wash. company was encouraging users to
take precautions such as using an Internet firewall and using up-to-date
antivirus software.

Mydoom isn't the first mass-mailing virus of the year. Earlier this month, a
worm called "Bagle" infected computers but seemed to die out quickly. So
far, it's too early to say whether Mydoom will continue to be a problem or
peter out, experts said.

"Over the next 24 to 48 hours, we'll have a much better sense," Trilling
said. "Right now, the trend is only up."


On the Net:

Microsoft security tips:
