MyDoom variant goes Googling

Uses search engine to harvest email addresses

By ZDNet Australia, 17 February 2005 08:55

Another variant of the MyDoom worm, which spreads by sending copies of itself using its own SMTP engine and harvesting potential email targets from search engines such as Google and Yahoo!, was spreading quickly on Thursday.

In August 2004, a MyDoom variant pumped so many queries into Google that the search engine was unavailable or very slow for large periods of time. The same variant of MyDoom also succeeded in knocking a number of smaller search engines - including Lycos and AltaVista - off the web completely.

Antivirus firm Sophos said the latest MyDoom variant first searches an infected computer's hard disk for email addresses and then falls back to an internet search. Interestingly, the worm searches the internet for email addresses in the infected computer's own domain - effectively targeting all users of a specific company or service provider.

According to a Sophos advisory, the worm "will send a query to the search engine using domain names from email addresses found on the hard disk and then examine the query results, searching for more addresses".

Sean Richmond, senior technical consultant at Sophos in Australia and New Zealand, said that the latest variant was first detected early this morning and as long as people have updated their virus definitions it shouldn’t cause much of a problem.

"We saw a spate of samples come through over the last day into our lab. By now a lot of companies are already blocking dodgy zip files and quite a few of the infected emails are automatically blocked as spam. It is spreading but everyone [including alternative antivirus companies] is on top of things," said Richmond.

Sophos said the worm will send 45 per cent of its queries to Google, 22.5 per cent to Lycos, 20 per cent to Yahoo! and 12.5 per cent to AltaVista.
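The behaviour described above (search queries built from locally harvested email domains, spread across Google, Lycos, Yahoo! and AltaVista) is visible to a defender at the web proxy. The following is an added example of a proxy-log check for that pattern; it is not Sophos' or any vendor's detection code. The log layout (epoch, client IP, URL), the organisation domain `example.com`, the query parameter names, and the threshold and window are all assumptions made for the example; the sample log lines are constructed.

```python
"""Flag internal hosts that query public search engines for the
organisation's own email domain in bulk, the address-harvesting pattern
attributed to the MyDoom variant. Added example; log format, thresholds,
parameter names and the example.com domain are assumptions."""
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Search engines the article names as the worm's query targets.
SEARCH_ENGINE_SUFFIXES = ("google.com", "lycos.com", "yahoo.com", "altavista.com")

# Hypothetical organisation domain whose addresses the worm would hunt for.
LOCAL_DOMAINS = {"example.com"}

# Query-string parameter names assumed to carry the search terms.
QUERY_PARAMS = ("q", "query", "p")


def is_search_engine(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in SEARCH_ENGINE_SUFFIXES)


def search_terms(url):
    """Return the search string from a search-engine URL, or None."""
    parts = urlsplit(url)
    if not is_search_engine(parts.hostname or ""):
        return None
    qs = parse_qs(parts.query)
    for name in QUERY_PARAMS:
        if name in qs:
            return qs[name][0]
    return None


def mentions_local_domain(terms):
    terms = terms.lower()
    return any(domain in terms for domain in LOCAL_DOMAINS)


def parse_line(line):
    """Assumed layout: '<epoch seconds> <client ip> <url>'."""
    ts, client, url = line.split(None, 2)
    return int(ts), client, url.strip()


def find_harvesters(lines, threshold=5, window=600):
    """Return {client: peak count} for clients that sent at least
    `threshold` own-domain search queries inside any `window` seconds."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, url = parse_line(line)
        terms = search_terms(url)
        if terms and mentions_local_domain(terms):
            events[client].append(ts)

    flagged = {}
    for client, stamps in events.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[client] = best
    return flagged


# Constructed sample log: 10.0.0.5 shows the burst, 10.0.0.9 is a normal
# search, 10.0.0.7 makes two own-domain queries far apart in time.
SAMPLE_LOG = """\
1108600000 10.0.0.5 http://www.google.com/search?q=%40example.com
1108600012 10.0.0.5 http://search.lycos.com/default.asp?query=example.com
1108600020 10.0.0.5 http://search.yahoo.com/search?p=%22example.com%22
1108600031 10.0.0.5 http://www.altavista.com/web/results?q=%40example.com
1108600045 10.0.0.5 http://www.google.com/search?q=%22%40example.com%22+contact
1108600060 10.0.0.5 http://www.google.com/search?q=example.com+staff
1108600070 10.0.0.9 http://www.google.com/search?q=weather+sydney
1108600080 10.0.0.7 http://www.google.com/search?q=example.com+careers
1108600090 10.0.0.7 http://www.example.com/index.html
1108605000 10.0.0.7 http://www.google.com/search?q=%40example.com
"""


def analyse_sample(threshold=5):
    return find_harvesters(SAMPLE_LOG.splitlines(), threshold=threshold)


if __name__ == "__main__":
    for client, count in analyse_sample().items():
        print(f"{client}: {count} own-domain search queries in one window")
```

A single own-domain search is ordinary user behaviour, so the check keys on rate within a window rather than on any one query; tune `threshold` and `window` to the organisation's normal traffic before acting on hits.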

Antivirus firms Sophos, Computer Associates and Symantec all agree that the worm is spreading quickly but say it is relatively simple to remove using their latest antivirus definitions.

Munir Kotadia writes for ZDNet Australia.
