Anti-virus vendors are issuing urgent warnings as a new variant of the MyDoom Internet worm disrupts the world`s biggest search sites.
The worm is the latest variant of the MyDoom worm that infected hundreds of thousands of PCs earlier this year. The new worm is reported to have disrupted the world`s most popular online search sites yesterday, scanning the vast databases of Google, Yahoo, Lycos, AltaVista and other search engines to find e-mail addresses for new victims.
The sheer volume of this traffic, say anti-virus companies, effectively causes denial-of-service attacks.
The worm, named MyDoom-O, also scans the hard drives of victims to find new recipients. It then sends a copy of itself as an e-mail attachment to those addresses. It is reported to be spreading fast.
Computer Associates International (CA) has raised its threat level for the MyDoom-O worm to high, "based on extremely intensive activity levels and exponential growth". CA says infected MyDoom-O e-mails may contain one of the following subject lines:
hello
hi
error
status
test
report
delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error
"This latest worm is a 'blended` or 'hybrid` threat, employing many techniques, such as file share and mail worm vectors, 'spoofed` e-mail addresses, and backdoor Trojans, to deliver its harmful payload," says CA.
Symantec says it received 250 reports about the new worm in two hours, on pace with the original MyDoom attack in January. F-Secure also noted that it received several reports of "a new MyDoom-M" from Europe and the US.
Sophos notes that the worm exploits security paranoia to entice users to open the attachment.
Local Sophos distributor Netxactics says a typical e-mail message carrying the worm would appear to be from the user`s Internet service provider or company`s support team, saying hackers had used the PC to send spam.
"Computer users are becoming aware that spammers take over innocent third-party computers to send their marketing messages," says Netxactics CEO Brett Myroff. "This worm plays on that fear and pretends that users have already been hacked and exploited by spammers. All computer users should keep their anti-virus up-to-date and ensure they never launch an unsolicited e-mail attachment."
Share
