Experts: Mydoom worm spreading faster than last year's Sobig-F
Security experts said the Mydoom is propagating quickly across the Internet
IDG News Service - A new e-mail worm that first appeared on the Internet this afternoon is spreading rapidly, according to leading security companies.
The worm is being called several names by antivirus software vendors, including W32/Mydoom, Shimg, Novarg and Mimail.R. It is now being analyzed by the antivirus companies.
Experts differed on the worm's payload but said it is spreading faster than Sobig-F, the most widespread e-mail worm of 2003.
"It has been moving very quickly for the past three hours and has been generating a hell of a lot of e-mail," Vincent Gullotto, vice president of the Anti-Virus Emergency Response Team at Network Associates Inc., said this afternoon. Some businesses have shut down their e-mail gateways to block the worm, he said.
Massive spreading of the worm slowed down performance of the top 40 U.S. business Web sites Monday afternoon, according to Keynote Systems Inc., a San Mateo, Calif.-based Web performance monitoring company. The average time for a site to load exceeded four seconds, while they normally load in two to three seconds, Keynote said in a statement.
"This worm is taking off like a rocket, with well over 20,000 interceptions in just two hours of it being discovered," Ken Dunham, director of malicious code at iDefense Inc. in Reston, Va., said in a statement.
The worm arrives as an e-mail with an attachment that can have various names and extensions. The message can have a variety of subject lines and body texts, but in many cases it will appear to be an error report stating that the message body can't be displayed and has instead been attached in a file, experts said.
"This is something you might see from a mail system, so you click on the attachment," said Sharon Ruckman, senior director for Symantec Corp. Security Response.
Both Network Associates and Symantec agree that when the attached file is executed, the worm scans the system for e-mail addresses and starts forwarding itself to those addresses. If the victim has a copy of the Kazaa file-sharing application installed, it will also drop several files in the shared files folder in an attempt to spread that way.
Symantec also identified more malicious acts. The worm will install a "key logger" that can capture anything that is entered, including passwords and credit card numbers, Ruckman said. Furthermore, the worm will start sending requests for data to www.sco.com, the Web site of The SCO Group Inc., which could result in the Web site going down if enough requests are sent, she said.
SCO has noticed that its Web site performance has intermittently slowed, but
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts