New worm avoids feds for now
1 - 2 min read
Jan 28, 2004
A new mass-mailing computer worm that began rapidly spreading throughout the Internet Jan. 26 apparently avoids targeting the e-mail addresses of government agencies, military facilities and large software companies, according to a security expert at a leading antivirus firm.
The worm -- known as MyDoom, W32.Novarg.A@mm, Shimgapi or as a variant of the MiMail worm -- is an encrypted program that creates a mass-mailing of itself, which may clog mail servers or degrade network performance.
By avoiding federal sites and large software companies, the worm's author could be "attempting to get lead time before antivirus definitions" are written to block the worm, said Alfred Huger, senior director of engineering with Symantec Security Response, a unit of Symantec Corp. that tracks and responds to virus outbreaks. If the worm started attacking .mil and .gov e-mail addresses as well as antivirus vendors, then signatures could be written to thwart it much sooner, he said. Symantec and other leading antivirus vendors have pushed out software updates to customers to help protect against the worm.
A likely target appears to be The SCO Group, a provider of Unix software based in Lindon, Utah. SCO has stirred emotions in the Linux community by claiming that important pieces of the open-source operating system are covered by SCO's Unix copyright. The worm is programmed to instruct infected PCs to send a flood of bogus traffic, or a denial-of-service attack, to SCO's Web server Feb. 1 through Feb. 12. The worm can also drop a backdoor program onto a PC, allowing an intruder to take control of the machine, Huger said.
The link for this article located at fcw.com is no longer available.
Related Articles
1 - 0 min read
Spectre V2: A New Threat to Linux Systems
1 - 0 min read
Hacked VMs Reveal New Attack Risks
