An e-mail virus that looks like a
normal error message but actually contains a malicious program
continued to infect computers around the world today.
Security experts described the Mydoom or Norvarg worm as the
largest virus-like outbreak in months.
MessageLabs, a company which scans e-mail for viruses, said
that 1 in every 12 messages contained the worm.
The worm infects computers using Windows, although other
computers were affected by network slowdowns and a flood of
bogus messages.
Unlike other mass-mailing worms, Mydoom does not attempt to
trick victims by promising nude pictures of celebrities or
mimicking personal notes.
Instead, one of its messages reads: "The message contains
Unicode characters and has been sent as a binary attachment."
Steve Trilling, senior director of research at the computer
security company Symantec, said: "Because that sounds like a
technical thing, people may be more apt to think it's legitimate
and click on it."
Besides sending out tainted e-mail, the program appears to
open up a backdoor so hackers can take over the computer later.
Symantec said the worm appeared to contain a program that
logs keystrokes on infected machines. It could collect usernames
and passwords of unsuspecting users and distribute them to
strangers.
The virus has been made worse by its timing, as it began
spreading rapidly during business hours on Monday in the United
States, where the world’s computers are concentrated.
Other viruses have begun during Asian business hours, allowing
anti-virus companies to develop defences by the time US
companies opened.
Some corporate networks were clogged with infected traffic
within hours of its appearance, and operators of many systems
voluntarily shut down their e-mail to keep the worm from
spreading during the cleanup.
Mikko Hypponen, manager of anti-virus research at F-Secure in
Finland, estimated that 200,000 to 300,000 computers were hit
worldwide.
The worm was also programmed to flood the website of the SCO
Group Inc, beginning on February 1 with requests in an attempt
to crash its.
SCO’s site has been targeted in other recent attacks because
of its threats to sue users of the Linux operating system in an
intellectual property dispute.
Christopher Budd, a security program manager with Microsoft,
said the worm does not appear to take advantage of any Microsoft
product vulnerability.
"This is entirely a case of what we would call social
engineering, enticing users to take actions that are not in
their best interest," he said.
Mydoom isn’t the first mass-mailing virus of the year.
Earlier this month, a worm called "Bagle" infected computers but
seemed to die out quickly.