MyDoom is here to stay

By Peter Branton. Published February 4, 2004

While Microsoft and SCO seem to have weathered the worst of the storm of denial-of-service attacks launched by the MyDoom worms, experts are warning it’s not all over yet. Although both MyDoom.A and its less widespread variant MyDoom.B are programmed to “self-terminate” on 12 February, they leave a “back door” on infected machines, allowing them to be used for other attacks, research firm Gartner warned yesterday.

“Don’t make the mistake of believing that the threat from the MyDoom outbreak is limited to high-profile targets such as SCO and Microsoft – or that the threat will end on a particular date,” Gartner said in a report. “MyDoom has created an army of ‘zombies’: remote PCs that can be used to execute attackers’ future commands. These attacks will likely continue after 12 February 2004, and the threat will not end until the MyDoom executable has been removed from all machines.”

MyDoom.A has been dubbed the worst-ever internet virus, and it succeeded in its aim of disabling the SCO corporate web site with a massive denial-of-service attack over the weekend. The Unix vendor has been forced to remove its web site from the internet domain name system, and redirect users to a new URL. While MyDoom.B was programmed to launch denial-of-service attacks at both SCO and Microsoft’s sites, its relatively low proliferation meant the second attack had very little impact, and Microsoft said it had successfully contained the threat as of yesterday. Both companies have offered a $250,000 cash reward for information leading to the capture of the virus writers, believed to be the same for both variants.

Gartner recommends that enterprises immediately take steps to block the threat of MyDoom. Companies should ensure that their internet firewalls block the targeted internet ports (3198 through 3217); scan all network-connected PCs to identify and remove the MyDoom executable; and encourage employees to scan their personal systems using free tools available online.

Last year’s MSBlast worm has been lingering on many home users’ PCs, causing network congestion. On New Year’s Eve last year, Microsoft released a tool to help users remove it from their systems. To avoid future virus attacks, Microsoft recommends that users use an internet firewall on any PC or laptop connected to the internet, keep their system updated with the latest security updates, and make sure that up-to-date security software is installed.
