The first MyDoom virus appeared in late January and soon earned
itself the title of the "fastest spreading virus ever". Propagated
by e-mail, the virus programmed infected computers to launch an
attack on the web site of software company The SCO Group.
Since then, 15 variants have been launched, and Microsoft and
SCO have each offered rewards of $250,000 for information leading
to the conviction of the worm's author.
The latest variant, MyDoom.O, is, like its predecessors, a
mass-mailing worm that infects machines when an attachment is
opened, and then e-mails itself out to addresses found in the
computer's e-mail directories.
But it appears to have an additional sting in its tail, in that
the virus also carries out a web search for any e-mail addresses
with the same domain and uses these addresses to disguise itself.
So a virus sent to joe@joebloggslimited.com would, if opened,
result in a search for any other e-mail address ending
@joebloggslimited.com.
Cunningly, the virus then disguises itself with a spoofed "From"
address, using the @joebloggslimited.com domain, and sends itself
to similar addresses within the organisation.
The virus commonly has subject lines such as "Hello", "Hi",
"Status", and "Test", or disguises itself as a returned mail
notification.
Not only does this increase the likelihood of the e-mail being
opened, the worm's web searches have also had a knock-on effect on
search engines, with Google, Yahoo! and Alta Vista being slow or
out of service at various times yesterday.
The advice, as always, is not to open the attachment, and to
delete any suspicious e-mail messages.
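
For mail administrators, the pattern described above (a "From" address in the recipient's own domain, one of the listed subjects, and an attachment) can be checked at the gateway. The following is an added example, not code from the article or from any anti-virus vendor; the `arrived_externally` flag, the bounce wording and the quarantine rule are assumptions, and the sample messages are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

WORM_SUBJECTS = {"hello", "hi", "status", "test"}   # subjects listed in the article
BOUNCE_HINTS = ("returned mail", "undeliverable")   # assumed bounce wording

def domain(header):
    """Lower-cased domain of the first address in a From/To header."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def reasons(raw, arrived_externally):
    """List which traits of the described e-mail pattern a raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    sender, rcpt = domain(msg["From"]), domain(msg["To"])
    # A From domain equal to the recipient's, on mail that came from outside.
    if arrived_externally and sender and sender == rcpt:
        found.append("own-domain From on external mail")
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in WORM_SUBJECTS or any(h in subject for h in BOUNCE_HINTS):
        found.append("subject matches reported lure")
    if next(msg.iter_attachments(), None) is not None:
        found.append("has attachment")
    return found

def should_quarantine(raw, arrived_externally):
    """Assumed rule: hold mail when an attachment coincides with another trait."""
    found = reasons(raw, arrived_externally)
    return "has attachment" in found and len(found) >= 2

def sample(sender, rcpt, subject, attach=True):
    """Build a constructed test message (placeholder attachment bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("See attached.")
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="document.zip")
    return m.as_string()

if __name__ == "__main__":
    spoofed = sample("alice@joebloggslimited.com", "joe@joebloggslimited.com", "Status")
    print(reasons(spoofed, arrived_externally=True))
```

Subjects such as "Hi" and "Test" are common in legitimate mail, so a match on the subject alone is not treated as sufficient here.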