The Latest on the MyDoom Virus

Latest worm has professional twist; computer experts blame spammers.

The new computer worm called MyDoom is
spreading worldwide at a frightening rate. But
that's not the really scary news.
What worries computer experts the most is the fact
that MyDoom is an example of a new breed of
professionally created worms that are more difficult
to detect and move faster. These better-built worms
also are used by criminals to turn a profit.
Experts say the creation of MyDoom was almost
certainly funded by e-mail spammers. The worm takes
possession of a computer -- either at a home or one
used in business -- and turns the machine into a
remotely controlled robot programmed to send spam
e-mail messages.
With hundreds of thousands of these zombie computers
sending spam, the chances of shutting down the flow
are almost zero.
While the inner workings of the worm aren't a strong
departure from earlier ones, the fact that it was
professionally created with a criminal profit motive
is a big shift.
Instead of sloppily made worms from amateurs,
professional software writers -- motivated by money
-- can create worms that will spread faster and work
more efficiently, said Roger Thompson, director of
malicious-code research for TruSecure, a Herndon,
Va.-based anti-virus firm.
"I don't think the worm is especially sophisticated,
but the overall plot is very sophisticated," said
Thompson. "The plot is to prepare a bunch of
machines to send out spam, to own more and more
computers that can do that."
"Yeah, it definitely has ties to spammers," said
Neel Mehta, a computer scientist with Atlanta-based
Internet Security Systems.
Nor is there any question that MyDoom spread like
wildfire. Medina, Ohio-based Central Command, which
sells anti-virus software, said the worm multiplied
so quickly that, for a time, one of every nine
e-mails was infected.
Atlanta-based EarthLink, which has more than 5
million Internet customers, said the worm created
massive volumes of e-mail on its system. At 2 a.m.
Tuesday, normally a slack time, e-mail traffic was
equivalent to what "we'd expect during midday," said
Dave Blumenthal, a company spokesman.
As if the news wasn't bad enough, there is a general
suspicion the worm may contain what computer
scientists call a keystroke-logger program. If
that's true, the creator of the worm can monitor
every keystroke made on every infected computer not
protected by a firewall program. That provides
access to everything typed, including credit card
numbers and passwords.
"I think there is a link to organized crime,"
Thompson said. "I don't have any proof of that, but
it could easily be. It could be harvesting credit
card numbers ... or bank account log-ins."
Mehta said while he had seen reports the worm
contained a keystroke logger, he could not confirm
them. He said computers equipped with a firewall
program should be safe because the anti-hacker
software would intercept and stop the remote prying.
MyDoom's professional touch can be seen in the way
the e-mail induces the recipient to open the
attachment carrying the infection. Earlier
amateur-built worms promised naked pictures and the
like. MyDoom looks like an official e-mail error
message you might get if an e-mail failed to
transmit properly. Even worm-smart users could be
fooled, said Mehta.
Once that attachment is opened, it hijacks e-mail
addresses stored in infected computers. It then
e-mails copies of itself using one of those names as
the sender. So an infected e-mail could look like a
message from a friend or relative. Since it appears
to be the report of a failed e-mail message, many
users may be eager to open the attachment to see
which message failed.
The text for some of those messages seems properly
technical. One says: "The message contains Unicode
characters and has been sent as a binary
attachment."
The professionalism of all that has Thompson
worried. He foresees a new generation of worm
creators who are better educated and more skilled.
"Most worm writers grow up and get a girlfriend, a
job and then stop," he said. "If there is a profit
motive involved, I would expect the acts to
continue."
As professionals take charge, the construction of
the worms themselves is likely to improve, making it
more difficult to stop them. Mehta said
professionally created worms such as MyDoom -- also
known as Novarg -- have "more features ... they have
more code to them, and the code is generally of
better quality."
He added, "It's not the first to have ties to
professional writers, but until about a year ago we
didn't see worms that were tied to professionals."
While any fast-spreading worm causes congestion for
computer networks inside businesses and on the
Internet itself, that is a byproduct of MyDoom but
not the intent, Thompson said.
"Professional hackers are getting more into this,"
said Mehta. "We are now seeing worms that are
designed with a purpose."
Both Internet Security Systems and EarthLink believe
the peak of e-mail from the worm came Monday and
early Tuesday morning and that volume is now on the
decline.