Computerworld - Whenever a new virus appears, I worry that it will be clever, elegant -- and a headline on the nightly news. That combination means that everyone in management will want to know what's going on before we know ourselves. That happened before with SQL Slammer. But with the recent Mydoom virus outbreak, our own protective systems became the publicity machine that created a companywide panic.
You know a virus is fast-spreading when it goes by many names. Mydoom spread so quickly that the antivirus companies didn't have time to communicate with one another, so they all worked in parallel to analyze it and publish fixes. This virus was dubbed Mimail.R and Novarg before the Mydoom.A moniker finally stuck.
For the first few hours after the attack began, I remained blissfully unaware, as I slept while our team in the first time zone dealt with it. But I could tell something was up when I awoke and fired up my BlackBerry, which buzzed with e-mails and status updates.
The Mydoom virus isn't particularly clever; it spreads by sending executable files via an e-mail message that asks the recipient to run the code attachment. Once run, the virus copies itself to everyone on the user's e-mail address list. It also disables access to various Web sites you might use to clean up the infection and infects other files using the Kazaa file-sharing program.
But its only clever tactic is pretending to be a system-generated error message. Administrators can't block such messages as a group because the legitimate ones carry important information. Mydoom uses a normal .exe, .scr or .pif file to spread and is sometimes hidden within a .zip file. I'd expect this kind of file to be held by any company's e-mail gateway. It was by ours, and we expected this to be another storm we'd weather easily. Not so.
Friendly Fire
We're part of a wider group of financial services companies, and one of our sister companies suffered a major infection while I was sleeping. Due to the size of every user's e-mail message stores and the myriad places that an infected e-mail can hide, virus issues can keep flaring back up well after we think they're under control.
Someone in the other company apparently added a second e-mail route that delivered the virus to other internal users, bypassing the normal antivirus checks. Once these users opened their messages, the virus e-mailed users on their network -- and ours. Then, of course, some recipients on the other company's network opened
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
