Jewish World Review

MyDoom virus prepares for bigger attack on Sunday | (KRT) The spread of the MyDoom worms slowed markedly Thursday, as computer users learned how to protect their machines from infection.

No hard numbers were available, but Internet security firms said e-mail traffic was normal, in contrast with the surge of messages sent by the MyDoom worms beginning on Monday.

The worms - a kind of aggressive computer virus - are expected to remain quiescent at least until Sunday. That is when MyDoom and its cousin, MyDoom.B, are set to swamp Microsoft Corp. and SCO Group Web sites in an effort to crash them.

"Typically you will see a slowdown for a number of reasons," said Brian Czarny, marketing director of MessageLabs. "As people get more educated, they stop opening the attachments."

Both MyDooms spread via e-mail bearing an attached file. The official-looking e-mail - some bearing words like "system administrator" or "server report" - contains an icon indicating an attachment. Anyone clicking on the icon will activate the worm.

The MyDoom worms garnered much media attention this week, and that is warning people about suspicious e-mail, security experts said.

Infectious e-mail is melding with spam to create yet another annoyance for people dependant on the Internet.

"The virus issue is converging rapidly with the spam issue," said Chris Belthoff, senior security analysis with Sophos Inc., a provider of computer security systems.

Spam is the unwanted advertising e-mail that deluges inboxes with offers of extended auto warranties, shady pharmacies that require no prescription and a great deal of other scurrilous material.

Donate to JWR

"We are seeing viruses infecting machines to set them up as spam zombies," Belthoff said.

A zombie computer is one controlled by a hacker to send out huge amounts of spam. Both versions of MyDoom contain can break into personal computers and seize control. The owner of the computer might never know that his machine is producing a torrent of spam e-mails.

MyDoom and MyDoom.B are believed to have been created by the same person. But other hackers are thought to be taking advantage of the worms' ability to create a backdoor in computer systems, leaving them vulnerable to takeover.

"We are starting to see an increase in scanning for infected machines," said Alfred Huger, senior director of engineering at Symantec Security Response, a large computer security firm.

Huger said he believes hackers are searching the Internet for computers already opened up by MyDoom and using the backdoor it created for their own purposes.

"When ever a worm or virus come out with a backdoor that's easily identifiable, other hackers try to leverage that," Huger said. "It is alarmingly frequent."

Appreciate this type of reporting? Why not sign-up for the daily JWR update. It's free. Just click here.

Comment by clicking here.


© 2004, Chicago Tribune Distributed by Knight Ridder/Tribune Information Services