My Doom

Mark Edwards

The My Doom virus is said to have been the most prolifically emailed virus ever. We can certainly attest to that. In the last few weeks we have received 10 times as many My Doom (and its variant Novarg A) virus-infected emails as we have all other viruses in the previous five months! That equates to 50 times as many virus-infected emails in any given week as for a week about 3 months earlier. The volume of virus email has been so high that it makes spam email seem to be a small problem.

When a computer is infected, the worm sets up a backdoor into the system, which can potentially allow an attacker to connect to the computer and use it to gain access to its network resources. In addition, the backdoor can download and execute arbitrary files. This is definitely not the sort of software you want residing on your computer network!

The virus has been programmed with two trigger dates. The first date, which has now passed, caused some of the infected zombie machines to perform a denial-of-service attack on The SCO Group, who through their legal proceedings against IBM have made themselves the enemies of the Linux open source programming community.

The second date (February 12th) is the one at which all copies of the virus will cease mass mailing themselves to attempt to infect new machines.

Whilst this would appear to be the date the problem goes away, this is far from the case. On this date the virus will stop drawing attention to itself, but by then it will have done its work. Its masters will then have a huge pool of zombie machines under their control, which they can use for any malicious purpose they choose. This remains the case until those machines are cleaned and protected against the virus.

The cost to businesses of this virus is estimated by Gartner Inc to be about $250 million US. In addition to this, any company attacked by infected machines, such as SCO, will suffer loss and/or costs. Both SCO and Microsoft have offered rewards of $250,000 to anyone who helps catch the authors of this virus.

We see a more worrying possibility in future. Whilst it is difficult to track down the virus authors, it is very simple to identify machines used in a denial-of-service attack against a company. If such a company were to suffer loss, we would not be surprised to see it attempt to recover its losses from companies who allowed their machines to be used in this malicious way. Unfair, you say? We are not so sure.

This virus has been very well publicised, and cheap anti-virus software will stop it. It is spread in the same way as many viruses have been recently, so it is not new at all. Any business that catches and spreads this virus is negligently uninformed about basic computer security and could conceivably be held accountable for any damage caused.

You need to take at least basic precautions to ensure your systems are secure against this and similar viruses. If you do not have the time or the knowledge to do this yourself, then ask for help.

We can provide IT Audit services to help if you cannot find your own resources.

If you have been infected by this virus, Symantec have a removal tool at:


One way or another, don't let My Doom become Your Doom!

