Worm Hitting Anti-Spam Sites with DoS Attacks

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Five new variants of a mass-mailing worm are infecting computers around the globe andlaunching denial-of-service attacks -- some against well-known anti-spam Web sites.

The Mimail worm, an ordinary mass-mailing worm that first appeared this past August, hasspawned four new variants that began invading the wild last Friday. The original Mimail wormdid nothing more than cull email addresses and propagate itself. The new variants are farmore aggressive, launching DoS attacks against several anti-spam Web sites and onlineretailers, including one gaming retailer.

As of Monday morning, some sites were being slowed down, while others were not able to be accessed.

''Everyone should be on guard against a possible surge in MiMail activity as the business week resumes,'' says Ken Dunham, director of malicious code at iDefense, Inc.,a security intelligence firm based in Reston, Va. ''New variants may continue to emerge inthe wild and thousands of MiMail e-mails are now waiting to be opened by unsuspecting users as the business week resumes.''

Chris Belthoff, a senior security analyst at Lynnfield, Mass.-based anti-virus company,Sophos, Inc., notes that the worms contain a Zip file, which contains an executable. Thefile will harvest email addresses from the computer's hard drive, propagate itself and thenlaunch the DoS attacks. The subject line may read, 'Don't be late', and the text will referto a planned meeting and a file that the email recipient supposedly requested. Othervariants refer to pictures from a trip to the beach.

Anti-virus analysts say the worms are targeting sites, such as www.spamhaus.org,www.spews.org, mysupersales.com, spamcop.net, and darkprofits.com.

''These sites are probably getting hit with a lot of traffic,'' says Belthoff. ''Thequestion is why are they targeting these sites? Are they spammers trying to send a message?Are they just virus writers trying to see if some new technique will work?''

Belthoff adds that while the worms aren't specifically damaging the computers they'reinfecting, the worms are causing them to slow down because of the amount of email trafficthey're generating.

''If you've got a large network that's getting infected, then your network will slow downgreatly,'' he adds. ''Do the people running these anti-spam sites find them destructive?Absolutely. If a big corporate network is being slowed down, is that destructive? You bet.'' It's destructive to business.

Submit a Comment

Loading Comments...