Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


January 27, 2004

New MyDoom Email Virus Spreads Quickly


   A new email virus called MyDoom is spreading rapidly across the Internet, bringing with it a dangerous attachment that, when opened, can give attackers access to users' computers through an electronic backdoor. The attachment targets Windows users, who account for roughly 96 percent of all computer users, and the rate at which this virus is spreading matches that of SoBig.F, previously the fastest-spreading worm of all time. As with earlier email viruses, MyDoom doesn't spread by means of any technical chicanery, relying instead on the ignorance of users who double-click any messages they see in their Inboxes. Email users are thus advised not to open attachments from sources they can't verify.
   The sheer amount of traffic generated by the virus has already brought down many networks, and some security experts now believe that attackers originally launched the virus as a Denial of Service (DoS) attack on the SCO Group, the UNIX copyright holder that's now suing various Linux companies for copyright infringement. However, this attack is having the most dramatic effect on end users, many of whom are still surprisingly uninformed when it comes to the dangers of opening attachments. When users open MyDoom-tainted email attachments, their systems become infected--with two side effects. First, their systems send infected email to all the users in their address books. Second, the virus places a backdoor on their systems that attackers can later exploit.
   MyDoom email is identified by text in the body of the email that reads, "The message contains Unicode characters and has been sent as a binary attachment." The subject lines and attachment names vary. Typical subject lines on infected messages include "Mail Delivery System" and "Mail Transaction Failed." The attachments often appear as .zip files (e.g., document.zip, message.zip, readme.zip) but can have virtually any extension, including .exe, .cmd, or .pif.
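
The indicators listed above, expressed as a mail-filter check over a parsed MIME message. This is an added example, not part of the original article; the function names, the example.test addresses, the constructed sample messages and the rule of requiring the body phrase plus an attachment (because subject lines vary) are assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article above, lower-cased for comparison.
BODY_PHRASE = ("the message contains unicode characters and has been "
               "sent as a binary attachment")
SUBJECTS = {"mail delivery system", "mail transaction failed"}
ATTACH_NAMES = {"document.zip", "message.zip", "readme.zip"}
ATTACH_EXTS = (".zip", ".exe", ".cmd", ".pif")


def mydoom_indicators(raw_bytes):
    """Return which of the article's indicators appear in one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    if str(msg.get("Subject", "")).strip().lower() in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name in ATTACH_NAMES:
            hits.add("attachment-name")
        elif name.endswith(ATTACH_EXTS):
            hits.add("attachment-ext")
        elif not name and part.get_content_type() == "text/plain":
            # Collapse whitespace so wrapped lines still match the phrase.
            text = " ".join(part.get_content().lower().split())
            if BODY_PHRASE in text:
                hits.add("body")
    return hits


def should_quarantine(raw_bytes):
    # Assumed policy: the subject varies, so it is recorded but not required;
    # the fixed body phrase together with any listed attachment type is.
    hits = mydoom_indicators(raw_bytes)
    return "body" in hits and bool(hits & {"attachment-name", "attachment-ext"})


def sample_message(subject, body, attachment=None):
    """Build a constructed test message (placeholder bytes, not malware)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.test", "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()
```
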
   If you're using an antivirus package, make sure your definitions are up-to-date and follow the manufacturer's instructions for removing MyDoom (which is also identified as Novarg, Shimgapi, and W32/Mydoom.A@mm, depending on the source). F-Secure's Web site has a free disinfection tool for users who don't have antivirus packages.

Note: This article originally noted that the "MyDoom [wa]s spreading rapidly across the Internet" through "UNIX mail servers", which was incorrect. Instead, the virus was ultimately targeting SCO's UNIX servers with a Denial of Service (DoS) attack. My apologies for the condensation of thoughts, which resulted in an unintentional miswording. This is instant publishing, folks, not a grand conspiracy. --Paul




Reader Comments
"A new email virus dubbed MyDoom is rapidly spreading across the Internet via UNIX mail servers"

What the hell are you talking about? This virus doesn't care whether your mail server is Unix based or Windows based. The mail server is completely irrelevant.

What is relevant is that only Microsoft Windows clients are affected. Not Unix. Not Mac. While I assume a bias at Windows & .NET Magazine, blaming Unix mail servers for a Windows virus is ridiculous.


Editor's note: Ah, right. The attack first targeted UNIX servers, and the virus affects Windows PCs, as I reported. --Paul

Edward Block January 27, 2004


"A new email virus dubbed MyDoom is rapidly spreading across the Internet via UNIX mail servers..."

Normally I wouldn't comment on something as blatantly stupid as this (..."via UNIX mail servers"), but come on...this thing got through our Windows server at work this morning. You're trying to be cute but it just falls flat.

Honestly, Paul, can't you just report the facts? Why do you have to be the FOX News of the Internet?

Also, your advice that "Email users are thus advised not to open attachments from sources they cannot verify" is excellent but again--if the e-mail address is spoofed or if it IS from a trusted, verified source, you can hardly blame the user. Our mail server blocks .EXE, .SCR, .PIF and other extensions from getting through, but .ZIP? Come on. A .ZIP file from a known source is hardly suspicious. It certainly doesn't justify you calling Windows users ignorant and "out-to-lunch".

Oh, and one more thing. Our antivirus software (updated automatically by M*A*** corporation-wide) failed to catch several instances of this virus as well. Looks like everyone fell down on the job. Again.

Wendy Rebecca January 27, 2004


Once again Paul is ahead of the curve. "UNIX email servers" spreading a virus?? Are you serious??? The UNIX servers are backend Internet transport servers, moving email based on DNS MX records. You make it sound like this is a UNIX worm. It is another Windows worm. The bias of this site is unreal. Windows Magazine should be ashamed to print this drivel.

David Brock January 27, 2004


"...spreading across the Internet via UNIX mail servers..."

Funny. Everything I've read about MyDoom indicates that it is server-agnostic, as are most trojan horses. Or is this just this week's attempt to turn an informative article into a troll by adding one little word. (See also: "superior")

Keith January 27, 2004


>"Email users are thus advised not to open attachments from sources they cannot verify."

OH NO. I really cannot hear this any more. If the worm spreads using the user's address book, chances are the receiving person *can* verify the source. It's not the big bad wolf that's sending you the worm, it's much more likely to be your best friend. Geez.

Eberhard Schefold January 27, 2004


Nice comment about UNIX servers Paul. Don't you think it's akin to blaming the sea for an oil slick though?

David Hulse January 27, 2004


I just helped one of my colleagues get rid of the new MyDoom worm on her Win2k box. It made registry changes without her knowledge or authorization (other than her mistake in expanding a bogus zip file). I have yet to encounter an email attachment or application (for that matter) that can gain access/make changes to the core system in Mac OS X without passing authentication. I am that system's administrator, and still can't damage the X core unless I purposely enable root. It seems that most Windows users don't even know when their Registry has been borked by some script kiddie. And Bill Gates has the stones to assert that Windows is something more secure than swiss cheese?? Hmmm....

Brich January 27, 2004


Useful article, we are a very small company in Bournemouth, England, we were attacked at least 200 times in an 8 hour working period whilst on line, this amount of virus attacks is new to us, our last virus stuck us with half that number. Keep up the info, we need it. Thanks.

Carl Armes January 27, 2004


"is spreading rapidly across the Internet through UNIX mail servers"

*ROTFL*

Oh those pesky Unix mail servers spreading virus to poor little Windows systems. Bad Unix. Bad, bad Unix!

*LOL*

pit January 27, 2004


It's very curious to me why you included the phrase "through Unix mail servers" in your article. Note that CNet's coverage doesn't mention that little tidbit, nor does CNN's coverage. You're obviously trying to insinuate something without providing any evidence; why not be more direct and write what you really mean?

Jack Unrue January 27, 2004


 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement