30 January 2004

Be afraid, be very afraid of your inbox

With half-a-million dollars in reward as an enticement, computer users and security experts battled to curb the spread of the Mydoom computer worm amid concerns of serious after-effects from the worst internet epidemic to date.

The original Mydoom bug was still propagating worldwide along with a variant called Mydoom.B that some said could be more dangerous but may not be spreading as quickly.

“This is the fastest spreading worm in Internet history. It’s apparent to us that even with the broad media and industry attention, e-mail users will continue to fall victim to the worm,” said Scott Chasin, chief technology officer at MX Logic, a US security firm.

“At this point, we still have not seen the peak of the worm’s infection. It will be interesting to see what happens over the next few days, especially after the first of February when the worm is expected to execute its denial-of-service payload.”

Denial-of-service attacks are attempts to bombard networks with information requests in an effort to cause them to crash. The two Mydoom bugs direct infected computers to bombard SCO, the owner of the Unix operating system, and Microsoft.

SCO has offered a $250 000 (200 000 euro) reward for information leading to the arrest and prosecution of Mydoom’s creators.

Microsoft on Thursday announced an identical measure, also offering a $250 000 reward for information to nab the culprits.

“This worm is a criminal attack,” said Brad Smith, senior vice-president and general counsel at Microsoft.

“Its intent is to disrupt computer users, but also to keep them from getting to anti-virus locations and other sites that could help them. Microsoft wants to help the authorities catch this criminal.”

Mydoom spreads through e-mail attachments and downloads from the popular Kazaa file-sharing service, which lets internet surfers share content such as games, movies and music.

Part of Mydoom’s “success” is that it — unlike many earlier bugs — poses as an error note with the main text message attached, prompting users to open the attachment to read it, thereby inadvertently launching the virus.

California-based Panda Software said Mydoom.A was still spreading rapidly, even though individual computer users may be seeing fewer infected e-mails.

It said one in every five e-mails is carrying this worm, putting four million infected e-mails in circulation.

“Mydoom.A is not reaching higher rates because of the security measures that companies have adopted after being infected,” explains Luis Corrons, director of PandaLabs. “But it isn’t stopping either, as it is now attacking companies without protection that survived the first wave of infected messages.”

Mikko Hyppoenen, of the Finnish anti-virus firm F-Secure, said that “over 40% of the internet traffic now consists of infected e-mails generated by the first Mydoom virus, and it’s still spreading.”

The Mydoom bugs are worms, a subgroup of computer viruses characterized by the fact that they spread independently through e-mail, Hyppoenen said.

The Russian security firm Kaspersky Lab said on Thursday that Mydoom.B was being propagated by the 600 000 or so computers that were infected by Mydoom.A.

The new Mydoom strain, detected Wednesday, was designed to prevent infected computers from reaching anti-virus software sites for fixes.

But analysts said Mydoom.B was not nearly as virulent as initially thought, possibly due to programming flaws.

“It’s in the wild, but it’s not spreading nearly as high as everybody expected,” Hyppoenen noted.

“Our best bet is that there are some bugs in the virus’ computer code that we have not been able to find yet.”

Experts said they were expecting a new version of the Mydoom worm to appear at any time, correcting the flaws of the latest versions.

“It’s quite likely that we will have a new version soon, there is nothing holding the creator back, especially since the B version did not turn out to be that successful,” Hyppoenen said.

In 2003, many of the Sobig family of viruses turned out to be increasingly violent, with the latest F version in August generating some 300-million infected e-mails in a week, while other strains were not successful at all. – Sapa-AFP