MyDoom.F, other worms loose

Johannesburg, 26 Feb 2004

Security experts warn that the latest variant of the fast-spreading MyDoom worm is gaining momentum globally, threatening to delete victims` files and launch attacks on Microsoft and music industry Web sites.

The new variant, MyDoom.F, emerged late last week and has been spreading fast. It is programmed to launch distributed denial-of-service attacks on the Web sites of Microsoft and the Recording Industry Association of America (RIAA). The RIAA is a music industry lobbying group that has sued online song swappers.

Although MyDoom.F is not spreading as quickly as previous MyDoom variants or another predominant new worm, Netsky.B, MyDoom.F is a threat because it deletes random Microsoft Word documents, Excel spreadsheets and Access databases, as well as photos and movies stored on an infected computer.

Netxactics, local Sophos distributor, says the worm also opens a back door on infected computers that could allow malicious hackers to run unauthorised code remotely.

"This worm is being sighted in larger numbers, suggesting that not all computers have properly protected themselves with the latest anti-virus updates," says Netxactics CEO Brett Myroff.

Mikko Hypponen, manager of anti-virus research firm F-Secure, describes the spread of MyDoom.F as "disturbing", saying: "We haven`t seen a destructive virus like this in a while."

The latest MyDoom variant arrives in e-mail with a zip file attached and subject lines reading: "approved", "your credit card" or "You use illegal file sharing... Your IP was logged". The body of the message contains various messages, including "kill the writer of this document" and "Please see attached file for details".

Beware Netsky and Bizex too

Meanwhile, infections by two other worms are growing too. Yesterday, anti-virus vendors warned of the Bizex instant messaging worm that targets ICQ messaging users.

New warnings have also been issued about a variant of the Netsky worm, which is reported to be spreading rapidly.

Local F-secure distributor Y3K reports that the latest variant, Netsky.C, sends e-mails with random contents and a ZIP or EXE attachment. It also spreads over P2P networks and shared folders.