Error opening template: advertisement/zones/468x60_generic.tplError opening template: advertisement/zones/728x90_leaderboard.tplError opening template: advertisement/zones/728x90_bottom_ad.tplError opening template: advertisement/zones/300x250_right_ros_up.tplError opening template: advertisement/zones/300x250_right_ros_down.tplError opening template: advertisement/zones/160x600_left_nav.tplError opening template: advertisement/zones/160x600_right_nav.tpl MyDoom Worm

The MyDoom Worm

The internet has introduced many self-replicating infections following the Morris Worm of 1988. Programs with this capability are called viruses and worms, a great threat to anyone surfing the internet these days. Some have been mild, others have been a nuisance, and a few have been down right destructive. A recent threat that has caused major problems is a unique computer worm by the name of MyDoom.

How the MyDoom Worm Works

The MyDoom worm was first discovered on January 26th, 2004. It goes by many different names depending on the anti-virus company, including Novag, Shimg or Mimail. Similar to most worms, MyDoom manipulates the email system, which has caused many innocent users to be blamed for distributing it. What contributed to the wide spread of the worm was the numerous security alerts sent out by anti-virus vendors. The alerting issue arouse from infected emails being detected by the Internet Service Provider or the anti-virus vendor's domain. Depending on an administrator's configurations, the anti-virus solution could send alerts to recipients and the alleged sender.

The problem is that the sender's name was falsified, causing a lot of innocent users to be accused of sending the worm, even if they were never infected. The situation with MyDoom only became more confusing and chaotic as the infection continued spread. Several anti-virus products distributed messages infected with the worm to the alleged sender, thus infecting them with MyDoom if they opened the email attachment. The amount of anti-virus alerts became so great that it quickly superceded the actual number of MyDoom emails. Some have even speculated that these alerts themselves were actually a form of DoS (denial-of-service) attack.

Other Functions of MyDoom

Incorporating anti-virus software wasn't MyDoom's only feature. The worm also executed DoS attacks of its own, particularly against SCO.com, a well known vendor the Unix operating system. Every second, every computer worldwide with MyDoom sent a GET request to the vendor's website in attempt to overload their server. This caused a lot of controversy, as the worm made it appear as if SCO.com was trying to many users.

How MyDoom is Distributed

MyDoom distributes itself via email and the popular peer-to-peer network known as KaZaZ. The email is typically spoofed with both a sender name and one of the following subject lines:

- Hi

- Hello

- Error

- Test

- Mail Delivery System

- Mail Transaction Failed

- Server Report Status

The file attachment comes with a CMD., EXE., PIF. or SCR file extension or it may come as an archived ZIP file.

The icon of the attachment may also appear to be associated with a TXT. file, though the attachment itself is executable. To hide its activity, MyDoom launches the Notepad application when executed, filling the victim's screen with random text characters. It then secretly drops an infected copy into the Windows System folder as an executable. MyDoom also searches the registry in search of KaZaA. If the program is installed, it drops an infected copy into the KaZaA shared folder using various executable extensions. This enables it to infect KaZaA users who download and unknowingly execute one of the files.

Worm Removal

Symantec recommends using a special removable tool to rid an infected system of this worm opposed to an anti-virus scanner. This is because MyDoom drops so many malicious files throughout the registry and the system itself.

(0 Comments)
Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

Many Internet users are unaware that most anti-virus programs quickly become out of date as new and more sophisticated viruses enter the world of cyber-space everyday.

Anti-virus software must be consistently updated in order to remain effective. In some cases it is necessary to buy an entirely new program to help keep your computer virus free.

Most anti-virus programs allow you to update the original program by downloading the newest and most recent updates to their virus protection system. These updates can then provide protection for your computer against new strands of viruses waiting to infect your computer.