Establishing Digital Trust: Don't Sacrifice Security for Convenience
MyDoom-A, the original and far worse than its MyDoom-B follow-on, compromised an estimated 450,000 to 500,000 computers, installing backdoor trojans and launching a crippling distributed denial-of-service attack against The SCO Group's Web site. MyDoom-B, which hit the wild only days after the launch of its predecessor, did not spread nearly as fast or as far, so its attempt to take down Microsoft Corp.'s Web site was not as successful.
Many anti-virus and security analysts have put MyDoom down as the fastest-spreading worm in history, saying it surpassed even the devastating Sobig-F virus that rolled over the Internet late last summer.
At its peak, MyDoom, a mass-mailing worm, accounted for one in every six emails, according to Central Command Inc., an anti-virus company based in Medina, Ohio. At its peak, Sobig-F accounted for one in eight emails.
But Chris Belthoff, a senior analyst with Sophos, Inc., an anti-virus company based in Lynnfield, Mass., says MyDoom's attack hasn't quite matched up to the devastation wrought by Sobig-F.
''This is certainly the fastest-spreading virus since Sobig,'' says Belthoff. ''Our data shows that Sobig was faster spreading and more pervasive, but MyDoom is way up there in terms of activity level and reports generated. And it did bring down the SCO site, forcing them to set up an alternative Web site.''
Even though MyDoom was released in the last week of the month, it still accounted for 25 percent of all virus reports in January, according to a Sophos report. The Bagle worm was the second worst virus of the month, accounting for 16.3 percent of the reports. Sober-C took third place with 9.9 percent, Dumaru-A took a distant fourth with 5.3 percent, and Mimail-J grabbed fifth place with 3.1 percent.
''Bagle and MyDoom constitute the bulk of January's virus activity,'' says Belthoff. ''It was a bad month, primarily because of the activity surrounding those two viruses.''
Belthoff also says that the security community is on alert for a second MyDoom variant to be released.
''History shows that these types of viruses have follow-on variants,'' he adds. ''People should be on guard.''
Belthoff also says that the $250,000 bounty that SCO offered up for information about the MyDoom author could slow down or stall further variants.
''It's hard to say how successful those bounties are,'' he says. ''Microsoft has had a big bounty out on the authors of Sobig and Blaster, but they haven't found anybody yet. But there also hasn't been a variant of Sobig since then. That connection may be tenuous, but it could be that the bounty does make people think twice about putting out new variants.''