Mikko Hypponen has made a name for himself as a computer security expert in directing anti-virus research at Finland's F-Secure, a $45 million company that regularly issues alerts warning of network threats. He spoke recently with Network World News Editor Bob Brown and Features Editor Neal Weinberg about the latest viruses and what enterprise network executives are up against.

What's your take on Mydoom.M, the latest worm making the rounds?

It's a really interesting technique remembering how big Mydoom.A was in January. It was the single largest e-mail outbreak in history. Mydoom made headlines then because it was attacking SCO.com and then later on Mydoom.C was attacking Microsoft.com.

What's happening here [with Mydoom.M] is that the attack that made headlines with Google going down wasn't really an attack on Google. It was just using Google to harvest more e-mail addresses. But what Mydoom.M left behind was a back door. We've seen this already with Mydoom.A, which left a back door and several days later its authors scanned public addresses looking for Mydoom.A-infected computers and then installed a spam proxy Trojan called Mitglieder. What seems to be the case with this new Mydoom is that instead of dropping in a spam Trojan they've dropped in a [Distributed Denial-of-Service] client aimed at overloading Microsoft.com's front page, though it hasn't been too successful.

Do you have any idea who is behind it?

I think it is the same people not only behind the other Mydooms, but also behind Bagle. Possibly even behind SoBig and others. I don't have any concrete evidence on where these guys are operating from, though there are some indications they have come from Russia and are living in central Europe. I think it is more than one guy and that they are organized.

The link for this article located at nwfusion.com is no longer available.