Unix Technical Forum

"MyDoom" virus and how to protect your computer from it.

#1 (permalink)
04-19-2008, 09:03 PM
N. Kabir

By Nowshade Kabir, Rusbiz.com

Remember the Sobig viruses of last year that wreaked havoc and
caused significant financial damage to the corporate world? Well,
the first major virus of this year has the potential to beat those
attacks easily.

What is MyDoom?

The new virus, which is actually a more virulent variation of
the "Mimail" virus, is dubbed MyDoom by antivirus software maker
Network Associates Inc. and "Novarg" by rival Symantec Corp.

The virus, first detected around 4PM EST Monday January 26, 2004,
immediately started to create a mail storm throughout the
Internet. According to experts, the MyDoom virus is capable of
generating up to 8 million infected e-mails in the first 24 hours
if it is not slowed down. This is twice as much as the amount
produced by the Sobig.F virus, which at its peak last year
generated around 3.5 million e-mails on the third day of its
outbreak.

Within one hour of its first attack Network Associates itself
received 19,500 e-mails bearing the virus from 3,400 unique
Internet addresses.

How does it work?

MyDoom spreads itself in the same way as any other email-borne
virus. An unsuspecting user, after receiving an infected email,
activates the virus by opening the attached file. As always, the
virus infiltrates only Windows-based PCs. The attached file can
have any of these extensions: ".exe", ".scr", ".cmd" or ".pif".

The randomized subject line of the infected message can have the
following texts, among others: Mail Delivery system, Test, Server
report, Hello, etc.

The body of the email shows one of several texts, such as:
"The message cannot be represented in 7-bit ASCII encoding and
has been sent as a binary attachment"; "The message contains
Unicode characters and has been sent as a binary attachment.";
and "Mail transaction failed. Partial message is available."
The idea here is to trick users into opening the attachment.
The opened attachment looks like a simple Notepad text file,
which most people believe to be safe and incapable of
carrying viruses.

Once a computer gets contaminated with MyDoom, the virus along
with the Trojan embedded in it does the following things:

The virus resends itself using a built-in mailing program to
e-mail addresses from the address book of the infected computer.
It is capable of sending out 100 infected email messages in 30
seconds to addresses stored in the computer. It also fakes the
sender's address and shows one of the e-mails randomly selected
from the computer's address book. So it appears that the virus
came from someone other than the person whose computer produced
this email.

The virus also copies itself to the Kazaa download directory
of the infected computer, on which the file-sharing program is
loaded. The virus camouflages itself, using one of seven file
names, including Winamp5, RootkitXP, Officecrack and Nuke2004.
Kazaa is a file sharing program widely used by teens to share
music among peers.

MyDoom also uses the domains of the email addresses it finds
on the infected computer to make up numerous email addresses in
an attempt to spread itself. This tactic is commonly used by
spammers and is called a "Dictionary Attack".

Some experts claim that this virus also drops a file onto
infected computer systems, collecting sensitive data such as
passwords, user names and credit card information.

The infected e-mails are also programmed to start a denial of
service attack on SCO, the controversial software group which
claims that important components of the Linux open-source
operating system violate its Unix copyrights. A Denial of
Service Attack means that, in an attempt to shut down a server,
thousands of emails are sent to one single address. The attack
clogs the bandwidth and cripples the whole mailing system
of the company and forces them to either turn off the server
or change the domain name.

Finally, the virus also opens up communication ports of the
infected computer, allowing a hacker to manipulate the machine
remotely.

One hack of a virus, isn't it?

What to do?

If you take the following steps, your computer will be
virtually safe from any similar virus attacks:

- Get an Antivirus program and install it on your computer.

- Regularly update your Antivirus program.

- Get a firewall and install it. A great free firewall that you
can download and install is ZoneAlarm. You can download it from
http://www.zonelabs.com/store/content/home.jsp

- Regularly get patches for your version of Windows and update.

- Use email filters similar to Eprompter. It gives you the
ability to delete unwanted spam or suspicious looking mail,
which might contain viruses. Get it free from
http://www.eprompter.com.

- Scan your computer for viruses regularly. A great free tool that
scans your computer remotely for viruses and eliminates them can
be found at
http://housecall.trendmicro.com/hous...start_corp.asp

No doubt Microsoft has to do a better job of protecting us from
this ongoing slaughter. However, until this happens, Windows
users have to be more vigilant and do everything possible to
protect their machines.


About the author

Nowshade Kabir is the founder, primary developer and present
CEO of Rusbiz.com. A Ph. D. in Information Technology, he
has wide experience in Business Consulting, International
Trade and Web Marketing. Rusbiz is a Global B2B Emarketplace
with solutions to start and run online business.
You can contact him at mailto:nowshade@rusbiz.com,
http://ezine.rusbiz.com, http://www.rusbiz.com
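
An added example, not part of the original post: a mail-gateway style check in Python that flags the attachment extensions and body lure texts the article lists, without relying on the (spoofable) sender address. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment extensions and body lures listed in the article above.
RISKY_EXTENSIONS = (".exe", ".scr", ".cmd", ".pif")
LURE_PHRASES = (
    "cannot be represented in 7-bit ascii encoding",
    "contains unicode characters and has been sent as a binary attachment",
    "mail transaction failed. partial message is available",
)

def inspect_message(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # Windows ignores trailing dots/spaces, so strip them before the
            # check; only the final extension decides how the file is opened.
            name = filename.lower().rstrip(". ")
            if name.endswith(RISKY_EXTENSIONS):
                findings.append(f"executable attachment: {filename}")
        elif part.get_content_type() == "text/plain":
            body = " ".join(part.get_content().lower().split())
            findings += [f"lure text: {p}" for p in LURE_PHRASES if p in body]
    return findings

def build_sample(attachment_name, body):
    """Constructed test message (hypothetical addresses, placeholder payload)."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"  # sender is spoofable, so never trusted
    m["To"] = "user@example.com"
    m["Subject"] = "Mail Delivery system"
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    lure = "Mail transaction failed. Partial message is available."
    for name, body in [("document.txt.pif", lure), ("notes.txt", "See attached.")]:
        print(name, "->", inspect_message(build_sample(name, body)) or "clean")
```
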
#2 (permalink)
04-19-2008, 09:06 PM
Obnoxio The Clown

N. Kabir wrote:

> What to do?


Have you tried UPDATE STATISTICS?

Tosser.

--
"It's not because you have nothing to say that you have to shut your trap"
- Coluche