MyDoom

[John Simkin]

An email worm known as MyDoom, which masquerades as an advisory message from a computer technician, is the worst internet virus since SoBig last year. It was first spotted on Monday in a file sent from Russia. Over the next few hours over 1.5m copies had been intercepted. Like other email worms, MyDoom requires a user to open the attachment before it can infect a machine. Many of these emails is labelled "Test" or "Status". Sean Richmond, technical support manager for Sophos, said yesterday that the MyDoom worm turned an infected computer into "a zombie", which could be programmed without the owner's knowledge to attack the website of SCO, which is in dispute with the Linux community.

If you are a victim of the virus you can get help from:

http://www.sophos.com/virusinfo/articles/mydoom.html

[Marco Koene]

Also a useful site:

Symantec

[Graham Davies]

MyDoom has tried to invade my system at least 20 times during the last two days -or rather at least 20 times that I am aware of as various external filters are also in operation before my system's defences kick in. I became acutely aware of Internet security a few years ago when my system was hit by a succession of invasions exploiting the MS "hole". I then began to set up a Web page offering advice to others based on my personal experiences and actions that I have taken to render my system safe. See:

http://www.camsoftpartners.co.uk/bugs.htm

"Computer viruses: a cautionary tale"

[Marco Koene]

I just had my first attack (well one i was aware of) I use avast anti virus software and it works very well

Avast

[Graham Davies]

It seems that MyDoom's onslaught is getting worse today, 30 Jan 2004. One of my ISPs, CompuServe, has been locked up all day so that I cannot collect emails. Prepare yourselves for worse to come next week when MyDoom tries to effect a denial of service attack on SCO and Microsoft!

[Marco Koene]

Well so far it is quiet on the mydoom front! At least where i am at. How is everybody else?

[Graham Davies]

Marco Koene asks:

Well so far it is quiet on the mydoom front! At least where i am at. How is everybody else?

It seems quieter today than at this time last week when the email service of one of my ISPs shut down for several hours on three consecutive days. I have been attacked by MyDoom around 100 times (to my knowledge) - but all the attacks have failed as I am well-defended. My two main ISPs filter known viruses as they come in. My email filter, MailWasher Pro, filters additional viruses and zaps them automatically. If any viruses get in via these first two lines of defence then Norton AV kicks in. In addition, my firewall ZoneAlarm Pro quarantines all attachments with an extension such as EXE, COM or BAT, changing the extension to something harmless until I am sure that I really need the attachment and then I can change the extension back.

I work from home. I have to maintain all these safeguards myself as I do not have the protection of a business or education ICT environment.

[Marco Koene]

Do we think that both MS newsmessages ( Windows has a backdoor and someone stole the source code) have something to do with the latest mydoomattacks?

Thoughts?

Edited February 13, 2004 by Marco Koene