According to analyses by Net experts, the mass-mailing MyDoom worm, which began propagating yesterday, is the fastest-spreading software virus to date with an effect that could linger for years.
MyDoom, which is also know as Novarg and Mimail.R, began spreading over the Internet yesterday. It now accounts for one of every 12 e-mails traveling through cyberspace worldwide, CNet News reported.
The virus travels as an e-mail attachment that infects PCs whose users open the malicious file.
Once open, the virus installs a stealth program that opens up a “back door” hackers then can use to take over infected computers.
Online vandals could route additional attacks through the infected PCs, Alfred Huger, senior director of engineering for security software firm Symantec, told CNet News.
“This is going to hang around and hound us for a long time – if Code Red is any indication, for years,” he said.
The Code Red worm hit in July 2001 and still lurks on the Net searching for computers to infect.
The one-in-12 e-mail rate beats another pesky virus that played havoc on the Web. Sobig.F was the previous record holder, accounting for one out of every 17 e-mail messages.
When the virus infects a computer, it sends out e-mail messages to addresses in the user’s address book, choosing one of the names as the sender to further fool the recipients.
“This is the most aggressive that we have seen to date,” said Mark Sunner, chief technology officer for MessageLabs, which filters e-mail for corporate customers. However, Sunner tells the technology newssite he believed the infection rate of the virus had begun slowing by this afternoon. “It has had one cycle around the world, so it’s likely that it’s peaked.”
The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP. It is attached to e-mails with subject lines that appear to indicate a bounced e-mail notice. Text include variants of “The message contains Unicode characters and has been sent as a binary attachment,” and “The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.”
AP reports MyDoom also tries to spread through the Kazaa file-sharing network and was programmed to try to overwhelm the website of The SCO Group Inc. beginning Sunday.
Today, the company announced a $250,000 reward for information leading to the arrest and conviction of the virus’ creator.
Unlike other recent attacks, MyDoom does not appear to exploit any Windows security flaw, the Associated Press reported.
The effect of the worm has caused a slowness in Internet responsiveness over the last two days.