A back door to computer systems opened by the Mydoom email worm is turning into a bonanza for thousands of hackers who are furiously scanning the internet for systems infected by the virus.
The weakened defences of infected computers could allow malicious hackers to secretly install a Trojan horse program or keystroke-logging software, or simply to peruse files on the hard drive. That may make cleaning up after Mydoom difficult, experts say.
Mydoom, which first appeared on Monday, is still spreading and is believed to have infected between 100,000 and 300,000 systems worldwide, according to Craig Schmugar, virus research manager at the McAfee antivirus division of Network Associates. Latest figures indicate one in every 12 emails sent contains the virus.
Protecting your PC
Removing Mydoom will close the back door and eliminate the threat, said Oliver Friedrichs, senior manager of security response at Symantec. All the major antivirus vendors have updated their virus definitions to identify and protect against the fast-moving worm, which is also called Novarg and Mimail.R.
However, if a malicious hacker gets to an infected system first, cleanup is more complicated.
Many antivirus programs can spot common Trojan horse and keystroke-logging software, but they might not detect every program, Friedrichs says.
Owners of infected systems would need specialised software that looks just for such programs. Friedrichs warns, "This could turn into a big mess."
Most internet users will be well served with an up-to-date antivirus package and an internet firewall which can spot Trojan activity on an infected system, says Richard Smith, an independent computer security consultant in Boston.
Next: mass attack?
The internet community should be more worried about the hundreds of thousands of Mydoom-infected computers that are now at the beck and call of the Mydoom author, Smith says.
The Mydoom-B variant that has appeared includes features to cut off access to 65 antivirus websites and may be an effort to further groom the population of infected machines, Smith adds. The variant may be targeting Microsoft. A zombie network that large could be used to distribute spam, viruses, or internet scams.