Dave talked about it so I figured I’d toss up something about it as well. Goodness knows it’s certainly got the anti-virus group at my company all up in arms today, having received four urgent pages on the issue already.
There seems to be some confusion over exactly what to call this new scourge: in addition to the name “W32/MyDoom”, it’s also been labeled “Novarg” and/or a “Mimail” variant, depending on which anti-virus company you’re talking to. It certainly doesn’t help that two other worms called “Mimail.Q” and “Dumaru” are also making the rounds lately, though not as quickly as this new one. The main goal of MyDoom appears to be to infect as many PCs as possible for an upcoming distributed denial of service (DDoS) attack against the SCO Group’s domain, that being the “most hated company in tech” mentioned in my previous entry. It also installs a key-logger on your system, leaving you vulnerable to exposing passwords, credit card numbers and other data to the hackers who wrote it. Plus it mails itself like crazy to every email address it can find, which is why the Net has been so sluggish lately. MyDoom is rather clever in getting folks to launch it as well:
The worm is contained in e-mails with random senders’ addresses and subject lines. While the body of the e-mail varies, it usually includes what appears to be an error message, such as: “The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.”
While many computer users are savvy about not opening executable files or other attachments that may contain viruses, the latest worm masks itself as an innocuous text document or a file that your computer appears unable to read.
“This one is almost begging you to click on the attachment,” said Sharon Ruckman, the head of anti-virus firm Symantec’s security response team.
Anti-virus experts said MyDoom was on track to hit even more machines than Nimda, a 2001 worm that spread widely with an attachment that read “Readme.exe.”
This time, besides the “binary attachment” message, MyDoom comes with all different file extensions including .pif, .zip and .csr. It also uses an attachment icon similar to one used for Windows text messages. All of this, security experts warn, was succeeding in tricking people into thinking the e-mail was legitimate.
Naturally the lesson here is to not open attachments you don’t recognize from people you don’t know. You should also have an up-to-date anti-virus scanner installed on your PC. Even if you can’t afford or don’t want to spend money on such software, you don’t have an excuse, as there are several free anti-virus programs out there you could use. While they may not update their dat files as quickly as the big boys do, they still offer decent protection. Here are a few I’ve used from time to time:
- Avast! 4 Home Edition from ALWIL software.
- AVG Anti-Virus from Grisoft.
- AntiVir Personal Edition from H-BEDV.
- BitDefender Free Edition v7 from Softwin.
It bears repeating that if you’re on the Net (and if you’re reading this you ARE on the Net) and you run a version of Windows, but don’t have some form of anti-virus installed, then you’re asking for trouble.
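For anyone filtering mail rather than just reading it, the traits in the report quoted above (the fake "binary attachment" error text plus an attachment ending in one of the listed extensions) can be checked mechanically. The sketch below is an added example, not code from the original post or from any anti-virus vendor; the function name `triage`, the sample message and the decision to require both traits before quarantining are assumptions.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Traits copied from the article quoted above; the extension list is
# reproduced as printed there and is not a complete blocklist.
LURE_PHRASES = ("cannot be represented in 7-bit ascii encoding",
                "sent as a binary attachment")
ARTICLE_EXTENSIONS = {".pif", ".zip", ".csr"}

# Constructed sample message (not a captured MyDoom e-mail).
SAMPLE = """\
From: someone@example.com
Subject: test (constructed sample)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="us-ascii"

The message cannot be represented in 7-bit ASCII encoding
and has been sent as a binary attachment.

--XX
Content-Type: application/octet-stream; name="document.pif"
Content-Disposition: attachment; filename="document.pif"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=

--XX--
"""


def triage(raw: str) -> dict:
    """Report which of the article's traits a raw e-mail shows."""
    lure, risky = False, []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:  # attachment: compare only the final extension
            if PurePosixPath(name.strip().lower()).suffix in ARTICLE_EXTENSIONS:
                risky.append(name)
        elif part.get_content_type() == "text/plain":
            raw_body = part.get_payload(decode=True) or b""
            text = " ".join(raw_body.decode("latin-1").lower().split())
            lure = lure or any(p in text for p in LURE_PHRASES)
    return {"lure_text": lure, "attachments": risky,
            "quarantine": lure and bool(risky)}
```

Since the report says the body of the e-mail varies, the phrase match is only a hint; the attachment extension check is the part that keeps working when the wording changes.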