Protect yourself from Mydoom

Standard antivirus efforts are stemming the worm's travel

Companies that follow recommended practices relating to secure email use should be largely protected against the Mydoom virus and its variants, experts say.

Despite the speed with which the email-borne menace has proliferated since it was discovered on Monday, there's nothing - so far - about Mydoom that a combination of antivirus, email filtering and intrusion-detection technologies can't handle.

Mydoom, which started spreading earlier this week, has quickly become the most virulent email virus ever.

How to spot Mydoom
The virus arrives in an email message as an attached file that can have various names and extensions, including EXE, SCR, ZIP and PIF. When the attachment is executed, the worm starts sending copies of itself to other email addresses stored in the infected computer.

The first version of the virus, now called Mydoom.A, is designed to attack the SCO Group's website. A newer variant, dubbed Mydoom.B, which began surfacing on Wednesday, appears to be designed to direct similar denial-of-service attacks against Microsoft's website. The variant includes a feature that blocks infected computers from accessing sites belonging to vendors of antivirus products.

Companies that filter out email attachments or analyse the contents of attachments are unlikely to have been affected much, says Darwin Ammala, computer security engineer for the Harris Stat network security unit. Bruce Hughes, director of malicious code research at TruSecure's Icsa Labs, says that about 80 percent of his company's clients already filter out at least five attachments commonly used in email attacks. The remaining companies filter out even more attachments as a precaution against email attacks, he says.
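The attachment filtering described above can be sketched as follows. This is an added example, not code from the article or from any vendor it mentions: it strips attachments from a multipart message by file extension, using the four extensions the article names. The function names and the sample message are constructed for illustration, and it filters on names only, without analysing attachment contents.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions the article names for Mydoom (using them as a blocklist is an assumption).
BLOCKED = {".exe", ".scr", ".zip", ".pif"}

def is_blocked(filename):
    """True if the attachment's final extension is on the blocklist."""
    if not filename:
        return False
    # Compare case-insensitively; Windows ignores trailing dots and spaces.
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1] in BLOCKED

def strip_blocked(part):
    """Recursively drop blocked attachments from a MIME tree; return removed names."""
    removed = []
    if part.is_multipart():
        kept = []
        for child in part.get_payload():
            if is_blocked(child.get_filename()):
                removed.append(child.get_filename())
            else:
                removed.extend(strip_blocked(child))
                kept.append(child)
        part.set_payload(kept)
    return removed

def filter_message(raw):
    """Parse a multipart message, strip blocked attachments, return (bytes, removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = strip_blocked(msg)
    return msg.as_bytes(), removed

def build_sample():
    """Constructed test message: one harmless text file and one .PIF attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="document.PIF")
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = filter_message(build_sample())
    print("removed:", removed)
```

The list of removed names is what a gateway would log or alert on, which also gives administrators an early count of how many copies are arriving.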

"From all indications, corporations of a size large enough to afford antivirus [technologies] at the email gateway were unaffected," says Russ Cooper, moderator of NT Bugtraq and a TruSecure analyst.

Even in cases where the virus might have managed to infiltrate desktops, "most corporations will either notice or block outbound SMTP during such a virus outbreak" to prevent the virus from spreading, Cooper says.

Quick updates urged
Baker Hill, an application service provider, saw about 50 of its systems infected by Mydoom before its antivirus vendor had a fix for the worm, says Eric Beasley, senior network manager at the company.

Even so, only one user actually clicked on the attachment to activate the worm, he says. An antivirus product installed on the user's desktop quickly detected the worm and alerted administrators, Beasley says.

Since then, Baker Hill has updated its antivirus signatures. Baker Hill also uses a service provider to scan all of its email for spam and has seen no evidence of Mydoom since that provider began stripping out all email attachments containing the worm.

"We are pleasantly surprised by how little it has affected us so far," says Trey Miller, manager of telecom services at Vertis, an advertising and media services company.

Vertis uses virus protection services from Postini and has so far seen little evidence of Mydoom on its internal network, Miller says.
