Free eScan utility available to combat MyDoom virus

In a move to assist with cleaning up the MyDoom virus, Camsoft has announced the availability of the eScan Anti-virus toolkit utility as a free download at http://www.mwti.net.

MyDoom has caused major havoc since Tuesday this week and the virus is likely to continue to spread for a few more days while users scramble to prevent it from infecting their systems. The virus has been incredibly virulent and would certainly beat even the nastiest worm - the Sobig virus that was seen last year - for its ability to spread.

In just a few hours, this malicious program caused a global epidemic, infecting more than a million computers across the world.

"This latest incident is the most serious outbreak so far this year, and shows every sign of breaking replication records set in 2003," comments Matt Newnham (matt@camsoft.co.za), eScan product manager at local anti-virus specialist Camsoft Solutions (www.camsoft.co.za).

"By making the eScan utility freely available for this virus outbreak, users are able to gain immediate access to a virus cleansing solution that will help prevent further spreading of the MyDoom worm. The worm will perform a denial of service (DoS) starting on 1 February 2004, which makes it all the more urgent to eradicate it before this happens," adds Newnham.

A new variant of the MyDoom worm, dubbed Mydoom.B, is programmed to attack the Web sites of Microsoft and software firm SCO. The FBI and SCO have offered a reward of $250 000 for information that will lead to the apprehension of the author of MyDoom. Currently the worm is accounting for more than 30% of all e-mail traffic, say experts, and the virus does not take advantage of any flaws in Windows software. Instead, many of the e-mails look like they have been sent from organisations such as charities or educational institutions, in order to fool recipients into opening it.

"If you are not protected by a reliable real-time anti-virus and content security product such as eScan and MailScan, the chances of your desktop and the system network falling prey to this and other malicious outbreaks are very high," continues Newnham. "Paralysed systems can result in considerable losses of information, man hours and money."

To ensure your systems are well protected from the malicious attack at a nominal price, Camsoft is now offering the eScan and MailScan range of products at a very special price. The eScan and MailScan competitive and time-tested security solutions will now be offered and available at a special discount of 15% on the RRP until 15 February 2004. Contact info@camsoft.co.za or call Camsoft on 0800 616765 for more details now.

MyDoom (or W32.Novargis) is a mass-mailing worm that started its adventure sometime around 23.00 hrs (IST) on 26 January 2004.

The worm arrives as an attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip. and mostly hides itself as a ZIP file, which most gateway protection software products allow to enter. Once inside the inbox of a user`s mail database, the user typically clicks on the ZIP file and inside the ZIP file is hidden the malicious code of the worm.

If the user clicks on this code, the worm gets immediately activated and will sit silently on the user`s computer and set-up a "backdoor" by opening few "ports". Ports are basically entry points which can be used by an external hacker to control the computer.

When the machine gets infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198. This will potentially allow a hacker to connect to the machine and utilise it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files. The worm will perform a DoS starting on 1 February 2004. On 12 February 2004 the worm has a trigger date to stop spreading.

MyDoom/Novargis is yet another worm, in the recent series that we have seen, that opens up unauthorised access to computers that could be used for sending out spam messages across the Internet, said Govind Rammurthy, CEO of MicroWorld Technologies Inc.

For more information on this worm, please visit http://www.mwti.net. If you suspect that your computers have been compromised, download MicroWorld`s free eScan AntiVirus Toolkit Utility and run a thorough check.