ZDNet UK / News and Analysis / Security / Security Management

MyDoom offshoots add anti-removal code

By Robet Lemos, CNET News, 13 September, 2004 09:20

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

MyDoom

NEWS
Security experts warned on Friday that several new versions of MyDoom have surfaced on the Internet, suggesting that worm writers are taking a stab at improving the venerable virus.

The viruses are largely alike: they are designed to spread by attaching copies of the program to email messages and download additional features from compromised Web sites. Moreover, they are all difficult to clean from an infected Microsoft Windows-based PC, because they stop the system from connecting to antivirus Web sites to download updates.

The fact that several similar variations of MyDoom have been released in quick succession suggest that a more lethal version may be in the works, said Sam Curry, vice president of product management for Computer Associates International's eTrust software.

"We saw similar behaviour with the Bagle virus -- three or more variants of a virus... were all low, but then they were followed by a high-threat virus," he said. "We are pretty much on alert now through the weekend, and we are recommending that people be careful with email."

The original MyDoom appeared in January. It spread quickly as a malicious attachment carried by spam e-mail. At the time, some antivirus vendors declared the program the worst mass-mailing computer virus to hit Internet users. It is programmed to set off data floods that target Web sites belonging to Microsoft and the SCO Group, a company that has claimed ownership of key technology in the Linux operating system.

Recent versions of the virus have renewed attacks on Microsoft, containing messages that have asked for a job in the security industry.

The inclusion of antiremoval code in the MyDoom offshoots that emerged Friday could be a sign that spammers and others in the Internet underground want to gain control of vast numbers of PCs, said Alfred Huger, senior director of security response at Symantec, an antivirus company.

"I think we are looking at someone looking to do a real-estate grab," he said. "The virus seems to be about getting new hosts and keeping them."

Another plausible theory is that the writer or writers behind the malicious program are tweaking its abilities and testing the result, Huger noted.

"It is entirely likely that (iterative development) is going on or that the source has been released to a new group of people," he said.

That could mean that a bigger Doom is on the way, he said.

Related stories

Spam-seeding viruses dominate August charts

Latest MyDoom worm exploits Web site guestbooks

Latest MyDoom attacks Yahoo people search

Microsoft next target of MyDoom

Zindos worm relies on its pal MyDoom

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

dede0202

Hello ALL USERS OF THE PIRATE BAY I WOULD PUT AN EXPLANATION ON PIRACY Story Idea ILLIGALE AND SHARING THOSE THAT NET Dissent NOT WELL BUT TO CA...

1 hour ago by dede0202 on The Pirate Bay infringes copyright, High Court decides
Sungwoo

do You know that? it can install 4G Ram. So i buy 4g and install It work! I can run call of duty 4,6,7 [Modern war... 1,2,3] Call of duty 1 was...

2 hours ago by Sungwoo on Loose Ends - Upgrading the Aspire One 522
itsajob

2. Bad idea. Making up patch cables loses you your commission from the cable supplier. 3. If you tidy up, other people can understand where the...

8 hours ago by itsajob on Ten IT jobs to save up for those rare lulls
Roberto_Store

Now On Sale, Unlocked iPhone 4S / Galaxy Note In Factory Box. Roberto-Techie(UK) ”Now on Sales” Smartphone, Android,Tablets,Gadget &...

12 hours ago by Roberto_Store on Samsung Galaxy S III lined up for sale
Paul Smyth

Is this classic FUD? One thing I would definitely have notice is a Mozilla threat to stop supporting GNU/Linux.

13 hours ago by Paul Smyth via Facebook on Firefox rapid release improves Fedora Linux
UnderINK

I agree with the previous commenter wholeheartedly. I couldn't say it better myself. This is very 'Big Brother'. And while I agree with protecting...

18 hours ago by UnderINK on European e-identity plan to be unveiled this month
Simon Bisson and Mary Branscombe

Nice to see that Turing's idea of a general purpose computer doing once-hardware-powered tasks in software is now universal ;-) Mary

23 hours ago by Simon Bisson and Mary Branscombe on Software with everything
Jason Burchell

seriously now. I've only bothered to read a small bit of the comments. do me and the rest of the world a favour. stop saying it does not work or...

1 day ago by Jason Burchell via Facebook on Music industry negotiating over 24-bit downloads
Philip Charles Cohen

Read about it and weep, John Donahoe ... In addition to Visa’s V.me, there is now MasterCard’s PayPass digital wallet soon to arrive; another...

1 day ago by Philip Charles Cohen via Facebook on PayPal takes phone-based payments to the high street
apexwm

Leslie Satenstein : Where have you ever seen Mozilla even mention this? Firefox is the most popular browser in the GNU/Linux OS, so I don't see...

1 day ago by apexwm on Firefox rapid release improves Fedora Linux
songmaster

SHleG: Do you remember building a clockwork scorpion kit (I'm pretty sure I have a photo of it somewhere) — I think it was called something like...

1 day ago by songmaster on Software with everything
Chris Wortman

Good I love Yahoo! Their search engine is getting better than Google as of late. I find more of what I want on the first page, and usually within...

1 day ago by Chris Wortman via Facebook on Linux Mint 13 ramps up for KDE release
PatrickG

openhgs has made the point for Windows 8 multiple monitors without realising it! With Windows 7 you have to switch the mouse and so your focus...

1 day ago by PatrickG on Windows 8 could speed multi-monitor uptake
Leslie Satenstein

Mozilla has threatened to stop supporting Linux. I guess that UBUNTU is going with another browser. I indicated that if Mozilla stops supporting...

2 days ago by Leslie Satenstein via Facebook on Firefox rapid release improves Fedora Linux
Andy Bolstridge

Much as I abhor Microsoft's licensing practices, this is almost certainly down to purchasing IT equipment via 3rd party consultants - you get the...

2 days ago by Andy Bolstridge via Facebook on 6 million wasted licences and £1,200 PCs: welcome to government IT
Jack Schofield

@openhgs Windows users have had multiple desktops since Linus started writing Linux. They just haven't shipped as standard because not enough...

2 days ago by Jack Schofield on Windows 8 could speed multi-monitor uptake
Jack Schofield

@Phil at Cloud4 What, Microsoft gets £1,200 per PC and £1,622 per server? Gosh, I'm amazed....

2 days ago by Jack Schofield on 6 million wasted licences and £1,200 PCs: welcome to government IT
craigsc

You guys have no idea what is going on at Autonomy. Autonomy could have been a much more profitable organization. The sales operations at Autonomy...

2 days ago by craigsc on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Moley

How does this impact on dual or multi booting? Seems to me to more or less prohibit this, from Windows 8 anyway. Will Grub 2 recognise Windows 8,...

2 days ago by Moley on Windows 8 start-up speed forces USB boot workaround
apexwm

I don't understand why there cannot be a slight pause during the boot process so the user can press a key. Many operating systems do this, even if...

2 days ago by apexwm on Windows 8 start-up speed forces USB boot workaround

Latest in Security Management

NHS patients' health data to be anonymised and shared

Apple releases Flashback tool for Mac OS X 10.5

IPv6 security: What you need to know

Featured white papers

Hacktivism: Threats and reality for IT managers

ZDNet UK

Hacktivism: Threats and reality for IT managers

As high-profile breaches involving consumer data become the norm, this guide looks at where hacking is heading and what individuals can do to protect against possible attacks, from securing data to creating more secure email... Read more

How to defend mobile applications

HP

How to defend mobile applications

Your customers can now perform sensitive transactions anywhere, and mobile apps, devices and data can be more easily attacked. How can you defend against mobile... Read more

Delivering software security in the cloud

HP

Delivering software security in the cloud

This document describes in detail how HP Fortify on Demand works and what it can accomplish for companies seeking to test the security of their... Read more

Inside ZDNet UK

Indoor navigation coming to a mobile near you soon

Indoor navigation coming to a mobile near you soon

Software with everything

Software with everything

Asus Transformer Pad TF300T

Asus Transformer Pad TF300T

How IT is ganging up on organised cybercrime

How IT is ganging up on organised cybercrime

HTC One V: First take

HTC One V: First take

SharePoint deployment: The final chapter

SharePoint deployment: The final chapter

Ten IT jobs to save up for those rare lulls

Ten IT jobs to save up for those rare lulls