Windows Users And Microsoft Beware

[oxygenuk]

MyDoom Variant Emerges, Targets Microsoft
Wed January 28, 2004 02:38 PM ET

A variant of the MyDoom worm has emerged as the most devastating virus since last summer, and is likely to target Microsoft Corp.'s (MSFT.O: Quote, Profile, Research) Web site, security experts said on Wednesday.

Since appearing earlier this week, the worm, also dubbed Novarg or Shimgapi, has infected computers across the globe by enticing users to open a file attachment that releases a program that potentially allows other attackers to gain unauthorized access.

The financial damage from the virus-like program -- from network slowdown to lost productivity -- is already being measured in the billions of dollars, according to anti-virus vendors.

The latest version of the worm is designed to flood Microsoft's Web site with requests for information in an attempt to bring it down, experts said on Tuesday. This strategy is similar to that of the first version, which targeted the Web site of the SCO Group Inc. (SCOX.O: Quote, Profile, Research) , the small software maker suing International Business Machines Corp. (IBM.N: Quote, Profile, Research) over the use of code for the Linux operating system, they noted.

"It's interesting in that it potentially has a denial of service attack on Microsoft," said Jimmy Kuo, a researcher at Network Associates Inc.'s (NET.N: Quote, Profile, Research) McAfee anti-virus unit.

Kuo said that it was difficult to tell whether the variant, called "MyDoom.b," was spreading across the Internet, or "in the wild." So far, anti-virus companies have received and analyzed the variant from only a few sources.

The MyDoom variant appeared to have other similar aspects to the first version, in that it exempts e-mail address for government agencies, some universities, and other computer security companies, including Symantec Corp. (SYMC.O: Quote, Profile, Research)

Computers running any of the latest versions of Microsoft's Windows operating system e-mail program are at risk of being infected, although the worm doesn't exploit any flaws in Windows or software.

Instead, MyDoom is designed to entice the recipient of an e-mail to open an attachment with an .exe, .scr, .zip or .pif extension.

Since the worms often appear as error messages from "Mail Administrators" and other official-looking addresses, many inevitably open an attachment after finding minimal information in the message. Users who receive the worm and simply ignore or delete it will be able to avoid any damage.

In response to the worm's targeting its Web site, SCO offered a $250,000 reward for "information leading to the arrest and conviction of those responsible for this crime." SCO has drawn the ire of many Linux advocates for its claims that Linux software includes copyrighted code from the Unix operating system.

The attacks from infected computers on SCO and Microsoft are scheduled to begin on Feb. 1 and continue to Feb. 12.

:

[Alex H]

I just got an email with a .pif attachment. Looked weird. Deleted it straight away.

[superdude]

Ah come on! i get tons of chainletters that contain those attachments. I dotn even read them anymore! all full of viruses

[nsane]

the maker should have included $harman, RIAA, & MPAA to the list of greedy pigs to DoS

[h1]

SCO deserves it. Even after Linus owned their ass they've been asking for it.

[nsane]

you wouldn't happen know what exact codes their suing them over?, i cant find out any where :helpsmile:

45 hours to go for SCO

[h1]

I saw on eWeek.com a while ago some detailed refutations by Torvalds... he did mention specific code examples.

I'll see if I can find it.

[4play]

didnt sco claim they cant show what code ibm has stolen from them and placed into linux because ibm will not let them see the code to their version of unix.

how does this work again since sco does not have the code how can it be theres.

http://www.groklaw.net/ that site does some very easy to understand versions of what is really going on between all the companies involved now that novel claim they own the rights to unix.

this should be sorted soon though.

[nsane]

SCO actually bought the unix code from AT&T along time ago

reminds me, aren't patents litimited to 5 or 10 years?

...which would mean sco is bitching about something that was able to be used for like 5 years now