[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 27 January, 2004, 17:33 GMT
Mydoom virus 'biggest in months'
Computer user
Computer users are advised to update anti-virus software
A computer virus spread via e-mail has been described by security experts as the "largest virus outbreak in months".

The malicious worm, called Mydoom or Novarg, has clogged networks and may allow unauthorised access to computers.

It arrives as an e-mail attachment in a text file which sends itself out to other e-mail addresses if opened.

Security experts MessageLabs said, at its peak, one in 12 e-mails carried the worm. It has now stopped more than 1.5 million copies of it.

It said this latest rapidly-spreading worm is bigger and faster than Sobig.F, the virus which crippled inboxes and networks last August, and it shows little sign of slowing.

"Sobig, at its peak, infected one in every 17 e-mails, causing many internet relays to become severely clogged," Mark Sunner, chief technology officer at MessageLabs told BBC News Online.

"Mydoom has now surpassed this, infecting an incredible one in every 12 e-mails, and so the impact of this latest virus may be very serious for affected e-mail users."

Fast harvester

The virus, which is also spread through file-sharing networks, is particularly malicious because it may open a "back door" to computers.

This is a piece of software which is deposited on a computer's hard drive if the attachment is opened. It listens to commands sent remotely over the net and acts on them.

Many of the e-mails look like they have been sent from organisations like charities or educational institutions, to fool recipients into opening it.

MYDOOM DETAILS
From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters
"Mydoom works by harvesting e-mail addresses from the infected computer, and randomly chooses from these the address identified as the next sender," explained Mr Sunner.

"The sender is therefore falsified in the Mydoom virus, so it is impossible for the recipient to actually tell where the e-mail has really come from."

Thousands of e-mails triggered by the worm, which only affects computers using Microsoft Windows, were bombarding networks within hours of its discovery on Monday.

The worm is similar to 2003's Bugbear and Sobig in the way it spreads, Symantec's Kevin Hogan explained to BBC News Online.

"It is a very simple example. It simply relies on a human to double click on an attachment to run it."

It also seems it will attempt to perform a denial of service attack on SCO from 1 to 12 February, directing infected computers to flood SCO with data, he said.

SCO is a Unix vendor which has been in the news recently because it has claimed that key parts of the open-source operating system, Linux, are under SCO's copyright.

Last year's Blaster worm attempted a similar attack on Microsoft's website, which was stopped.

Delete and update

The e-mail carrying Mydoom often bears the subject "Test" or "Status". The message inside may read: "The message contains Unicode characters and has been sent as a binary attachment".

PROTECT YOURSELF FROM VIRUSES
Install an anti-virus program.
Keep it up to date
Get the latest patches and updates for your operating system
Never automatically open e-mail attachments
Download or purchase software from trusted, reputable sources
Make backups of important files
"Mydoom can pose as a technical-sounding message, claiming that the e-mail body has been put in an attached file," said Graham Cluley from security firm Sophos.

"Of course, if you launch that file you are potentially putting your data and computer straight into the hands of hackers."

Symantec have advised anyone who has received the worm to avoid opening or double clicking the attachment.

Users should also ensure their anti-virus software is updated, so that if the attachment is opened by accident, the software will catch it.

If anti-virus software does not spot an infection once the attachment is launched, users should download the free tools available to deal with it.

The security firm added if users start getting unusual pop-up messages from their desktop firewall, the chances are the computer has been infected.




SEE ALSO:
Viruses turn to peer-to-peer nets
20 Jan 04  |  Technology
Fighting viruses on the frontline
22 Aug 03  |  Technology
Sobig is biggest virus of all
21 Aug 03  |  Technology
Viruses make criminal move
31 Dec 03  |  Technology
Devious virus attacks on the rise
02 Oct 03  |  Technology
Experts' fear over computer virus
03 Sep 03  |  Bristol/Somerset


RELATED BBCi LINKS:

RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific