MYDOOM VARIANT
Looks like yet another variation of the MyDoom virus
(versions MyDoom.M and MyDoom.O) is spreading again. Like all the other versions
of MyDoom, this one disguises itself as a bounced email or a corporate missive
saying that "You may be infected with a virus". The attached file IS the virus.
Some versions have .ZIP extensions (which can be opened) and some have .EXE
extensions (which in a properly configured system cannot be opened).
The unusual thing about this version is that it actually has a smart engine
that, once it discovers an email address in your address book, takes the @companyname.com
part and does a Google, Yahoo, AltaVista or Lycos search for that company name
and tries to find other email addresses using outside resources (instead of just
your own address book). This allows the virus to more easily spread to others in
companies that you have in your address book. It also means that even more
people will eventually get a copy of the virus. As far as we know this is one of
the first viruses to search on-line for additional email addresses to send
infections to. If you're listed anywhere in those search engines you're likely
to get a copy or three of this - even if you've been isolated in the past.
The virus submits so many searches in such a short time that it's (perhaps
inadvertently) creating a Denial of Service attack on the search engines listed
above, and potentially slowing down performance on other machines on the same
internet segment or email server.
What should I do?
Virus signature updates released today by both McAfee and Norton detect and purge this
virus. Since it relies on you either opening an executable attachment or
unzipping and running one, common sense will pretty much stop this bug in its
tracks. If you get an infection, you can use antivirus vendor-provided tools to
remove it. Look on your network for high rates of usage when nothing else is
going on, or for significant slowdowns in network speed.
As usual, be sure that you don't open attachments that you're not expecting, and
keep your system patched and up to date. Be sure to run antivirus software at
all times and update daily. Filter email with .EXE extensions directly (i.e.,
delete them unopened) and be careful with files with ZIP extensions: examine
the contents of the zip file to be sure there aren't executable programs inside.
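
One way to automate the attachment check described above, as an added example (not code from Aztek or any antivirus vendor). It flags executable attachments and zip attachments that contain executables. The extension list beyond .EXE, the function names and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of executable extensions; the notice itself names only .EXE.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def is_executable_name(name):
    # Trailing dots and spaces are stripped so "file.exe." is still caught.
    return name.lower().rstrip(". ").endswith(EXECUTABLE_EXTS)

def risky_attachments(raw_message):
    """Return (attachment filename, reason) pairs for attachments to quarantine."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_executable_name(name):
            findings.append((name, "executable attachment"))
        elif name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            try:
                # List the archive members without extracting anything.
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if is_executable_name(info.filename):
                            findings.append((name, "zip contains " + info.filename))
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip"))
    return findings

def make_zip(members):
    """Build an in-memory zip from (member name, bytes) pairs (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members:
            zf.writestr(member_name, content)
    return buf.getvalue()

def build_sample(attachments):
    """Constructed sample message; attachment payloads are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Mail delivery failed (constructed sample)"
    msg.set_content("See attachment.")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample([("notice.zip", make_zip([("details.scr", b"placeholder")]))])
    print(risky_attachments(sample))
```
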
CNet News Article:
Symantec Security Response:
(includes a complete manual removal process)
McAfee Stinger removal tool:
This concludes this virus warning notice,
Aztek Computer Solutions, Inc.
274 N. Goodman St Suite B269
Rochester, NY 14607
the human side of computing
Web: www.azcomputer.net Office
Fax number: 585-242-9441