We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,764 News Articles

Hackers Jump on Mydoom's coat tails

Infected PCs leave back door open for further attacks

A back door to computer systems opened by the Mydoom email worm is turning into a bonanza for thousands of hackers who are furiously scanning the internet for systems infected by the virus.

The weakened defences of infected computers could allow malicious hackers to secretly install a Trojan horse program or keystroke-logging software, or simply to peruse files on the hard drive. It may make cleaning up after Mydoom difficult, say the experts.

Mydoom, which first appeared on Monday, is still spreading and is believed to have infected between 100,000 and 300,000 systems worldwide, according to Craig Schmugar, virus research manager at the McAfee antivirus division of Network Associates. Latest figures indicate one in every 12 emails sent contains the virus.

Protecting your PC
Removing Mydoom will close the back door and eliminate the threat, said Oliver Friedrichs, senior manager of security response at Symantec. All the major antivirus vendors have updated their virus definitions to identify and protect against the fast-moving worm, which is also called Novarg and Mimail.R.

However, if a malicious hacker gets to an infected system first, cleanup is more complicated.
Many antivirus programs can spot common Trojan horse and keystroke-logging software, but they might not detect every program, Friedrichs says.

Owners of infected systems would need specialised software that looks just for such programs. Friedrichs warns, "This could turn into a big mess."

Most internet users will be well served with an up-to-date antivirus package and an internet firewall which can spot Trojan activity on an infected system, says Richard Smith, an independent computer security consultant in Boston.

Next: mass attack?
The internet community should be more worried about the hundreds of thousands of Mydoom-infected computers that are now at the beck and call of the Mydoom author, Smith says.

The Mydoom-B variant that has appeared includes features to cut off access to 65 antivirus websites and may be an effort to further groom the population of infected machines, Smith adds. It may be targeting Microsoft. A zombie network that large could be used to distribute spam, viruses, or internet scams.


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...