Free Republic
News/Activism

Dangerous Mydoom [virus] Variant Appears
techweb.com via CRN ^ | 01/28/2004 | Gregg Keizer

Posted on 01/28/2004 3:58:21 PM PST by BigSkyFreeper

The first copycat of the widespread Mydoom worm appeared Wednesday on the Internet, and some analysts are warning it may be even more dangerous than the original.

Dubbed Mydoom.b by most security firms, the variant strongly resembles Mydoom, now tagged as Mydoom.a, but adds some disturbing new traits.

Some of the subject lines used by Mydoom.b depart from the original, including new headings of 'Delivery error' and 'Returned mail,' both of which try to trick users into believing that the message is legit and can safely be opened.

Another change in Mydoom.b is the addition of microsoft.com as a target for a February 3 denial-of-service (DoS) attack. Mydoom.a specified sco.com as the target for a February 1 DoS assault by compromised machines; Mydoom.b has both sites and the associated dates embedded in its code.

Most notable, and most disturbing, however, is that Mydoom.b prevents infected users from accessing anti-virus and other computer support sites.

The worm modifies the host file on the compromised system so that 65 Web sites resolve to the IP address of 0.0.0.0, making them inaccessible.

The list of affected sites includes major names in the anti-virus and security trade, including Symantec, McAfee, F-Secure, Sophos, Network Associates, and Kaspersky Labs. Microsoft's Office Update and Windows Update, as well as other Microsoft download locations, are also on the list.

That makes it much more dangerous than its predecessor, said Ken Dunham, the malicious code director for security firm iDefense.

"This new variant is worse than Mydoom.a," he said, because the lack of access to security and anti-virus sites will make it impossible for many users, particularly consumers, to obtain updates to protect or clean their systems. "This will result in a longer lifespan for Mydoom.b," he said.

Dunham, along with other security experts, suspects that Mydoom.b is being launched from computers already infected with the original Mydoom.a. "If this is the case," said Dunham, "Mydoom.b will likely become very prevalent in just a few hours."

Moscow-based Kaspersky Labs agreed. "Our analysts believe that Mydoom.b is probably using machines infected by the original Mydoom," said Kaspersky spokesman Denis Zenkin in an e-mailed statement. "The computer community may be facing a much more serious outbreak than the one caused by Mydoom.a yesterday."

Anti-virus firms are racing to combat Mydoom.b with updated virus definition files, but not all companies have yet posted alerts for the variant, nor updates that can defend and disinfect.


TOPICS: Front Page News; News/Current Events
KEYWORDS: computer; computing; lowqualitycrap; microsoft; mydoom; mydoomb; virus; w2k; windows; windows2000; windows98; windows9x; windowsxp; worm

1 posted on 01/28/2004 3:58:22 PM PST by BigSkyFreeper
[ Post Reply | Private Reply | View Replies]

To: BigSkyFreeper
The first copycat of the widespread Mydoom worm appeared Wednesday on the Internet, and some analysts are warning it may be even more dangerous than the original.

*sigh*...of course...

2 posted on 01/28/2004 4:03:06 PM PST by New Horizon (Why build one, when you can build two at twice the price?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BigSkyFreeper
People are so stupid they can't modify their own hosts file?

Dang.
3 posted on 01/28/2004 4:03:28 PM PST by George W. Bush
[ Post Reply | Private Reply | To 1 | View Replies]

To: George W. Bush
Most folks don't need a host file. Course Windows looks for it, and it's a good idea to set it "read only".
4 posted on 01/28/2004 4:04:44 PM PST by BigSkyFreeper (All Our Base Are Belong To Dubya)
[ Post Reply | Private Reply | To 3 | View Replies]

To: George W. Bush
I think 1 out of 100 Windows users know that they have a hosts file. That's a pretty nifty trick.
5 posted on 01/28/2004 4:04:46 PM PST by lelio
[ Post Reply | Private Reply | To 3 | View Replies]

To: George W. Bush
What's a "hosts file"?
6 posted on 01/28/2004 4:06:36 PM PST by Principled
[ Post Reply | Private Reply | To 3 | View Replies]

To: lelio
Okay. You guys win. We're helpless morons, incapable of modifying a simple text file.

You can really see how all that computer education in the public schools is paying off.
7 posted on 01/28/2004 4:07:07 PM PST by George W. Bush
[ Post Reply | Private Reply | To 5 | View Replies]

To: Principled
I'm going to report you to JohnRob!
8 posted on 01/28/2004 4:07:39 PM PST by George W. Bush
[ Post Reply | Private Reply | To 6 | View Replies]

To: lelio
Bottom line: DO NOT open attachments. Question. Yahoo has an anti virus scan whenever an attachment is sent to you in your Yahoo email account. How does this compare vs. your own av?
9 posted on 01/28/2004 4:08:16 PM PST by hsmomx3 (Want higher taxes? Don't move to Arizona.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: George W. Bush
I ran the "message.zip" in a controlled environment when I first saw it in my email, this was before any news broke. Norton, being fully updated did not recognize any infection. So I opened it up to see a .doc file. Scanned that and nothing.

So, what the hell, I knew it had to be a virus, but I wanted to see it in action. My zonealarm pro and router firewall kept it from emailing out.

I can see though how many people would open it thinking it's just a zip or doc and get infected, never knowing it was a virus.

The stupid thing was, the doc file simply runs a pif file and doesn't even open word pad. If it did, that would fool even more people. Otherwise, they are going to get suspicious and check their processes.
10 posted on 01/28/2004 4:08:28 PM PST by Texaggie79 (Did I just say that?)
[ Post Reply | Private Reply | To 3 | View Replies]

To: lelio
I am fairly computer savvy, but I have to say that I don't know what a host file is for. Can you edumecate me?
11 posted on 01/28/2004 4:08:29 PM PST by mlbford2
[ Post Reply | Private Reply | To 5 | View Replies]

To: Principled
It's a text file used by the computer to resolve numerical/long name domain names. This is used in place of the ISP domain name server (DNS) which most people should use, since IP addresses sometimes change, which means manually changing the entries in the host file in the windows directory.
12 posted on 01/28/2004 4:08:40 PM PST by BigSkyFreeper (All Our Base Are Belong To Dubya)
[ Post Reply | Private Reply | To 6 | View Replies]

To: George W. Bush
heh heh heh
13 posted on 01/28/2004 4:09:51 PM PST by Principled
[ Post Reply | Private Reply | To 8 | View Replies]

To: George W. Bush
Remember there are millions of AOL Losers er I mean Users that have no idea how to do anything beyond pointing and clicking in their browser and almost peeing themselves in excitement when they hear "you've got mail"

And it is not just point and clickers. My wife is a nurse and the Doctor that she works for (a brilliant man in many respects) has absolutely no clue how to use his home PC. I have worked on his computer for him so many times I could almost qualify as an employee.

14 posted on 01/28/2004 4:10:43 PM PST by commish (Freedom Tastes Sweetest to Those Who Have Fought to Preserve It)
[ Post Reply | Private Reply | To 3 | View Replies]

To: George W. Bush
Surely there is a conservative hacker out there that can create a mydoom.rat virus that will nullify those wacko dem sites?
15 posted on 01/28/2004 4:14:23 PM PST by BobS
[ Post Reply | Private Reply | To 8 | View Replies]

To: commish
I worked on a computer savvy user's computer once, he couldn't figure out why the 2 GHz machine was running slow. I ran a virus scan on it and found 300 viruses, worms and trojan horses running in the background. Got rid of them all and the computer was running like it had the very first day.
16 posted on 01/28/2004 4:14:38 PM PST by BigSkyFreeper (All Our Base Are Belong To Dubya)
[ Post Reply | Private Reply | To 14 | View Replies]

To: commish
Switch them all to Linux LiveCDs. Then they'll never be able to screw anything up.

Surprising how many people are looking into it. Especially with memory-key support for documents and personal settings or to boot an entire system from.

It has a certain attraction. We're all about fed up with Winblows and all the virusing and updating.

LiveCDs with memory-key support let you carry your own computer environment anywhere. Virus and hacker proof.
17 posted on 01/28/2004 4:15:38 PM PST by George W. Bush
[ Post Reply | Private Reply | To 14 | View Replies]

To: mlbford2
A hosts file relates DNS names (i.e. freerepublic.com) to IP addresses (i.e. 209.157.64.200). Back in the Old Days this was done by copying files around computers which then looked at that file to do the lookup manually.

This worked fine when you had a dozen universities on the internet, but it fails miserably with millions of dot com names. So DNS servers came about which told you what IP address you're looking for. No more text files.

Well not quite. All *nix distributions have /etc/hosts which pretty much just lists the loopback address (localhost 127.0.0.1) and maybe their own name -> IP address in it.

Windows has a similar "stub" file like this too. You'll have to dig around for it, but you can find it under the TCP/IP - DNS settings. Look for something like "hosts" or "lmhosts." Should be a text file with maybe 3 entries in it.
18 posted on 01/28/2004 4:16:00 PM PST by lelio
[ Post Reply | Private Reply | To 11 | View Replies]
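
Added example, not part of the original thread or article: a defensive check for the hosts-file tampering the article describes, where security and update sites are pinned to 0.0.0.0. The watchlist domains and the sample hosts text are assumptions constructed for illustration; the page does not give the worm's actual list of 65 sites.

```python
import ipaddress

# Assumed watchlist: domains for vendors the article names. This is NOT the
# worm's actual list of 65 sites, which the page does not give.
WATCHLIST = ("symantec.com", "mcafee.com", "f-secure.com", "sophos.com",
             "kaspersky.com", "windowsupdate.microsoft.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: not a mapping
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True for a watchlist domain or any subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def find_blocked(text):
    """Return watched hostnames pinned to the unspecified or a loopback address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name) and (ip.is_unspecified or ip.is_loopback):
            hits.append((line_no, str(ip), name))
    return hits

# Constructed sample in the style the article describes.
SAMPLE = """\
127.0.0.1   localhost
0.0.0.0     www.symantec.com
0.0.0.0     f-secure.com www.sophos.com   # two aliases on one line
# 0.0.0.0   www.mcafee.com  (commented out, ignored)
0.0.0.0\twindowsupdate.microsoft.com
192.0.2.10  intranet.example
127.0.0.1   notsymantec.com
"""

if __name__ == "__main__":
    for line_no, ip, name in find_blocked(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

To check a real machine, pass the contents of its hosts file to `find_blocked` instead of `SAMPLE`.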

To: commish
yes. and i work for a "brilliant" inventor that is so absent minded he would need help shutting down his own computer (a virtual goldmine for us "outsourced to india" techs)
19 posted on 01/28/2004 4:16:59 PM PST by techwench (let's see, format c: /u should fix it)
[ Post Reply | Private Reply | To 14 | View Replies]

To: George W. Bush
You can really see how all that computer education in the public schools is paying off.

I'd be willing to wager that most of the users on this forum went to school before PC training was even thought of in any school. Not everyone on here is under 30.

20 posted on 01/28/2004 4:18:41 PM PST by Cagey
[ Post Reply | Private Reply | To 7 | View Replies]

