[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 28 July, 2004, 11:21 GMT 12:21 UK
New virus exploits MyDoom success
Grab of Microsoft.com website, Microsoft
Zindos is targeting Microsoft
Microsoft is the next target for the virus that brought widespread disruption to search engines earlier.

Earlier this week Google, Lycos, Altavista and Yahoo all struggled to cope with the number of queries made by the MyDoom.O Windows virus.

Now security firms are warning about Zindos, a partner program of MyDoom.O, that tries to exploit all the machines infected with the earlier virus.

Zindos is programmed to endlessly visit the Microsoft.com homepage.

Backdoor bug

MyDoom.O, also called MyDoom.M, hit the headlines because of the trick it used to look for new victims to infect.

Instead of just plundering Microsoft Outlook address books, the virus also went online to search for other e-mail addresses with the same suffix.

Delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error instruction
"Mail Administrator"
"Automatic Email Delivery Software"
"Post Office"
"The Post Office"
"Bounced mail"
"Returned mail"
"Mail Delivery Subsystem"
As well as searching the net for new addresses and looking for new hosts to infect, MyDoom.O also opened up a backdoor on compromised machines.

This backdoor is now being exploited by the follow-up Zindos virus which is spreading rapidly through those machines still hosting the MyDoom.O bug.

Once installed Zindos scours connections looking for other vulnerable machines and, once it finds one, starts bombarding Microsoft.com with requests.

Little damage

So far Zindos has not spread widely and security experts speculate that it has been released simply to cash in on the success of MyDoom.O.

The Microsoft.com website has yet to show any sign that it is struggling to cope with the hits generated by Zindos.

The bug is programmed to visit the Microsoft.com website once every 50 milliseconds.

Google search engine error message
Some Google searches returned an error message
In a statement Microsoft said it had "taken steps" to ensure the website stays live.

The trouble caused by the MyDoom.O virus is also waning. Security firm Symantec said that it was seeing only one-third the number of reports of MyDoom.O as it had at the peak of the outbreak.

The attack on Microsoft continues a trend seen with MyDoom variants which in the past have been used to attack the Recording Industry Association of America, the SCO Group and Microsoft.

Security firms expect to see a slew of novel viruses that copy MyDoom.O's search engine trick and which try to piggy back on successful infections to boost their own chances of spreading widely.

MyDoom.O itself is thought to have used the network of compromised PCs created by MyDoom.L to spread quickly.

Like many recent viruses MyDoom.O spread via e-mail attachments.

It tried to trick people into opening it by disguising itself as e-mail system error messages and warning that a machine was being used to send spam.

The worms affect Windows systems but not Linux or Apple Mac computers.

Trench warfare against viruses
06 May 04  |  Technology
Defences tested by virus attacks
05 May 04  |  Technology
Google recovers after virus hits
27 Jul 04  |  Technology
Mydoom mutants mount new attacks
10 Feb 04  |  Technology
Mydoom virus starts to fizzle out
04 Feb 04  |  Technology
Microsoft dodges Mydoom onslaught
03 Feb 04  |  Technology


The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific