[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 30 January, 2004, 01:19 GMT
E-mail virus takes on new guise
Experts at F-Secure
Experts say Mydoom could make up to 30% of all e-mail traffic
Security firms are warning that a new strain of the Mydoom virus could spread more widely than its predecessor.

They fear that the thousands of PCs infected by the first Mydoom bug are being used to spread the new variant.

The second strain, called Mydoom.b, is programmed to attack the websites of Microsoft and software firm SCO.

Microsoft has joined SCO in offering a $250,000 reward to find those behind what is now ranked as one of the largest virus outbreaks ever.

At its height, Mydoom made up 30% of all e-mail traffic, according to anti-virus firms

Unauthorised access

The virus arrives as an e-mail attachment which sends itself out to other addresses if opened, and may allow unauthorised access to computers.

It only affects computers using Microsoft Windows and also spreads through file-sharing networks, like Kazaa, installing a "backdoor" onto machines if launched.

From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters

Anti-virus firm Kaspersky Labs said it fears that the backdoor installed on many machines is already being used to spread the new variant.

Web monitoring firms have detected a huge increase in the amount of scanning for infected machines.

Some of this scanning could be due to companies finding and cleaning infected machines but some of it is thought to be the work of malicious hackers keen to exploit the army of machines compromised by Mydoom.

An infected computer could allow attackers to get unauthorised access to a user's machine and use it to bring down websites, according to security experts.

The Mydoom variant is designed to attack www.microsoft.com, the main Microsoft website, as well as the SCO website, which had been the target of the original worm.

The attacks are scheduled to begin on 1 February and continue until 12 February.

100m infected e-mails

The worm, also known as Novarg, is bigger and faster than last year's Blaster and Sobig ones.

According to Finnish security experts F-Secure, Mydoom flooded the internet with more than 100 million infected e-mails in its first 36 hours.

Install an anti-virus program.
Keep it up to date
Get the latest patches and updates for your operating system
Never automatically open e-mail attachments
Download or purchase software from trusted, reputable sources
Make backups of important files
"Current estimates show that currently between 20% and 30% of all e-mail traffic worldwide is generated by this worm," said the company.

The spread of the virus prompted an FBI investigation.

SCO has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.

Mydoom does not take advantage of any flaws in Windows software. Instead, many of the e-mails look like they have been sent from organisations like charities or educational institutions, to fool recipients into opening it.

Anyone who has received the worm should avoid opening or double clicking the attachment. They should also ensure their anti-virus software is updated, so that if the attachment is opened by accident, the software will catch it.

If anti-virus software does not spot an infection once the attachment is launched, people should download the free tools available to deal with it.

Internet security analyst, Barry Fox
"The reason viruses spread is because too many people put unnecessary attachments on simple e-mails"

Q&A: The Mydoom virus
29 Jan 04  |  Technology
Bounty on creators of e-mail worm
28 Jan 04  |  Technology
Mydoom virus 'biggest in months'
27 Jan 04  |  Technology
Linux users face licence cash call
16 Jan 04  |  Technology
Viruses turn to peer-to-peer nets
20 Jan 04  |  Technology
Fighting viruses on the frontline
22 Aug 03  |  Technology
Devious virus attacks on the rise
02 Oct 03  |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific