Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


MyDoom Aims Glancing Blow at Search Engines



 By: John Pallatto
2004-07-26
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
While causing denial-of-service attacks on popular search engines wasn't the main goal of the latest MyDoom worm variant, that was the effect as the new version spread rapidly.

Performance problems reported at major Internet search engines were not the result of a direct denial-of-service attack launched by the latest variant of the MyDoom worm, anti-virus researchers said Monday.

The latest version, variously named MyDoom.M, MyDoom.M@mm or MyDoom.O, is slightly different from earlier versions because it uses the search engines to verify and locate additional e-mail domains to infect, said Lloyd Taylor, vice president of technology and operations at Keynote Systems Inc. of San Mateo, Calif.

The worm spread rapidly as people arrived at work Monday morning and began clicking on e-mail messages that included the worm code, Taylor said. The worm "started spreading so quickly that the sheer number of machines doing e-mail searches overloaded the search engines ability to handle them," Taylor said.

Internet users experienced intermittent problems on Monday with accessing popular search engines including Google, Yahoo, Lycos and AltaVista, according to Trend Micro Inc.

Resource Library:

Search engine performance started to return to normal Monday afternoon, Taylor said, after the search engines effectively blocked the MyDoom e-mail searches. The access interruptions were scattered and intermittent, Taylor noted. Users in one part of a large city such as New York might report outages, while users in another area would have no problem accessing the search engines.

Click here to read about e-mail performance problems caused by earlier versions of MyDoom.

But PC users whose machines were infected face potential problems in the future. As in earlier MyDoom variants, the worm implants a "back door" into the operating system that will allow an intruder to take control of a machine and potentially use it as a spam or pornography distribution server, Taylor said.

Users should ensure that their anti-virus protection software is updated. They should run a virus scan if they have any suspicion that they deployed the worm on their system.

This particular MyDoom variant spread quickly because it used a form of "social engineering" to trick users into clicking on the infected file, which might be in the form of a .txt, .doc, .com or .exe file, Taylor noted. It usually took the form of a warning from a corporate IT department saying that it appeared a users machine had been used as a spam server.

The message also told the users to click on the file attachment to get instructions on how to remove the spam server from their machines. But clicking on the file would actually deploy the worm.

The rapid spread of MyDoom.M is not an indication that virus attacks are getting more sophisticated or are more of a threat today to search engines or to other online software platforms, Taylor said. All e-mail users are just as vulnerable today as they always have been, Taylor said.

But the search engine sites showed they could respond rapidly to block the problem, Taylor said. Major software and product distribution sites such as Salesforce.com, Siebel.com, Oracle.com and Amazon.com all have security in place to ward off such attacks, he said.

The latest worm attack mainly shows that PC users are as naive as ever about opening potentially damaging e-mail attachments, Taylor said. Users have to think twice before they click on any attachment that appears to be out of the ordinary, he said.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

This latest worm isnt likely to cause long-lasting problems for either the search engines or corporate network managers, said Joseph Hartmann, director of North American anti-virus research at Trend Micro.

"This is more like a garden-variety virus infection," he said. It may be causing initial trouble on some corporate local area networks, Hartmann said. But he said he doesnt believe it will be as damaging as some the other recent infections, such as the Bagle or Netsky worms.

"People arent going to remember this latest attack for very long after this week," because it should prove relatively easy to block and clean from networks and personal machines, Hartmann said.

Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: MyDoom Aims Glancing Blow at Search Engines
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By John Pallatto
 


x}ks8q8cHS%ؖRMV(8H.I?q /=hɏLdƶD th4?'I"n\8ܢd;|9|@D%SjNA]k3g{l es`p,FmgM d{=Bm ~5; s!%>֥qϊ} c [tV;v T| pfL&;=az5ExLԸ#|x\{Gd #B=xa/ w-}qH3ZUX'[vkx!BP#"FτwKA%˙8IؓIuhlUD`iRi13 LeC1;r,ǃ)KTQ3c}fZ3u-3@ؾQ̀ EuL_FBS If [a̳X#vRpce[]6g5]v9s8$sz3 wZENX*o~cn! :r<=0;DL=:/yÙÌ6mަ?'7;A: NַRߙ+0QT&*rp4K2A hjCG',{/B oVs7-b)ڑVP]G$0L" J3~̢J >gsK߾ڤ>9;O}3fP+M~(#3hؕΚgxg^uܜn9n:MvIs!+|v!5 0\6:֪o~=7c߮CׇEXCyCa#U~Ef=jio]}<>$7Yn[gs`HmDm[ܾ̑\R yǛka(7F`X@7? iP2\M8X@/@ש#atBjmҔ 9B:%ϹyWϝ7>hr Ce)#8?S݃IhJq䰉c,XSl؅ RMo4x ~&,)|YB* brݢPP3>ΧKdoF" 2#~B(pHqbNbϑWM}zjNTʊ0Wr{g,EށؓixnUO^ S3G#вnZsV)b1WJPX=*‹JMU~ _1p-~~j0B m] :V}y0`hvz3Ϩagnۉ9~t$AG66^lzK $ ,70}HOQI4wX8=cOv/|\aPn=D5i-DCw 0Ie&3 yG νdrgo͠~(wMnP>X^0 jp.HpyY?9d} wA,߃9#z[MKx GRP|'sZ( w^b{""D% T h4AǰEENAw;.VKŤ\*y"Jm':Ν3PKRx&,S,BV-KᗄPf%i2m<-&D7r"e.G wKᙖ6FlY,*GV+WMz92a @ == 3ܴ ҄%Ll;i`0Ґ(e`9ޟx=~ h? OzuG VV̚s=R.ƃ5‚L;ilQ̴a85GS9_Aa" eBC`9N{S^kȓ:L:%\w;ıa漇d:N'p6?>{@OM\n|8$4<3_O#k[}M߄V 9uC \D r}͚X 4ؐ|&Bw7cn^ښtɕu.F(hJ~)dz~#Jݸ^`3h{q#%IAg=U檳@d:[6[K7˦EI8Jʰ.Z*Ui -a70Ԣ(P|M$"!tsaͰ,C /0JeHǝ:~Lҧ;BSjb35-F  ? |'+ȁUrqXk0읶Wׅ])ϥ/xMvpv9Je!6c{i-6ӮWKHLZ`!?RP՘$'i/#Y /9-0cY}6aDm6#(MEZ"=G΁4MD85[/OAE-4$qx3??uPV&<[?\v_>:F}`'z\sgIF}OДa˘34|q6L,*I՗bAQ OkMf٧7_gӀah"pHE@xZhp\@U.(L-9Hj1-[ hg [Qzn3C zoaRI?IL!2BO{M{c>4YU f2~2Ejwp81< __ p˻Sכ~~6Fi ^8AL}6݁ /r/,|tqZEL[vO`cQ av5 1;?UkJ?C2By^Yhw\rR" Qptoգ)u7ufv9A#]#@$72]r@ XQj0q{s;OM?bL%Jt( ֹB\U4UeGԻ5ubH#C`JEWFlH(Tg7gMEH]ac6U{z@n)Z-MӓU;4 ϢcIۛ'ojA-rF7=_`%to@șY!7Gj1m97a~<('cjZ)KXDb+>u8Wۄ`gsJU086 LB1l۹+a*r6_?J=[L4@V1-0]̞̙A-mۨ5 L Vjeav bȈCrfzB$>s/=Zip>nz*%\.Yid {2u9p\s_G3~a,0r&n\#)&!jخOl$oy U8e3 -S`e3˕2~g^`. JU-~ |ѝxAcEi\kxkc}ʧBTuQRnTbPQKJBЛgQ!VA#Ǹ"ZAY_MkOhs)p B0_\PFͧ.^ʵl`^ASf<^ΐےtK3ק~ 6FtMnIoΛ26$v ˽'jD@KYJ7ѭj՚*\U%P-HjYtn:0nȄOXD[^:J&2O%ss< ϟݜ;s`>L;J墦Ak R;qO+a>&rakS@Z: #ɢ\' WeRU8J3Az vBs=Q<C M8qm oRٟ:sɖBzK(4Ԉ xϰL' eVqc?3 cC7WZU{ E D@;n߱?% ?S-l8)F#t,+?~g}e_:m^t?&~fm?<u!aa="g~`}܇4._eCR:"j%u.lb8K} LAIP 4p="iCOճ"ju.Km}#8-odD4|w/ΥI{͏e[J:^w9"!5;/YF^99o7OM10vhR`QfjmX#h^6"B@ t[k,8;XKr!}&=C٠<mDy8eVyy_aݪ,d20!&Wtvă}E9ǀzB:Λ#i%LB[( `M/Щ cALFrEl&zRG>egIəπ/QIS):*9Q{/0[LӷoHW蘧Y;D_q+ sz4~& \3Z9n|"B2^'68;=h)9ޏHBFE/pǻ"TS8LMàv)fTDxi'>fax!w-0q%՝b"0oBٺCO,l}[[ΘhIS:%I# m$jRSfj# $_2JI,v+6ht(lAzW jÚ]e /.\߹m|d`M`l)Za!|)Nr 9i`e>%;yRb}b%%h8W&Brc'?<@s`¼*,SVHl;`ұGy~"ѴNxL7Ď#^@(NVu2k=7x'[_YN.t0o9]#ޓd=tWcL_ ;}l}DK,a43q=vbϓ{~\[5("Ξe氎cnW gtFHK.}<﷯Is 09nJs t#s5yׅO>4dwD/'yV7N{m,d1]f/c_; ?--8tǠCR#K1M&$Z^VP**sᔤ˞ȔWN HXd1 0d&'q=+#{G{ {!.u01y+-R!ekEwWUKK㒏ʲE:'%:mחB}޿ BĬhg2h덫{u'|ȞF8^j[c鼳2> AC؞qbLpx2HB%wVpN Ϧv_ O%FJMc-ێ!%/hvpU4"Zy"N0? W_M·⎭zgQ$g |o(o'򽥎xknZS*9ߘP? M{fr+ 7~=nɸ!E'͖xLM>_'2>6,ɺK{;ܢjjIb~@WɄMQB.rNX'0…~|8A ssޑ~e>O8 2(F]-/>ѣTO⿬_Нy ;9!rx;gP;#X!aq<_bc$H۞6oMB=g=;91 tq KDE7s%%Y}2}Sv|hMf41'pfAGx7^"(w?GyUbzFt ^[⠁ArK~~ T&r{v=Gok@vj1ұ4(?\/x߂Z{]Jb)I?y#~9+F@0C^<+ Ӵ1NjKz$XC ?>Y e) ռPňL!H"lX$ ȥ(2@:-@)@QBzyc Jo>/JJE*o2K{:s{r9bCFTœUT*2 oi =+Jk6 \YTdm7sG)ΧvbÚVؖ "PIH73L_T& ;д oRFة JmWŗRo1c٭y*p.uY~-k_9ǵ9(I-vלKr~c?'6I0D&7^H >&en˔s;ɢⵃL \}&Ĵ(V:g0a"2LÀFB`haS&ا#poNUFN-n\gB 76-|`+KQŢK裴KJgW\>At`ՆpI7Z1=6QHx{;6$i[_d1޽疁0L/aKabN;ޭJZZ͚p NBqY0_B$ ė S4>*缽V7&KX)1o3)qWwwww뺍>m릗gAӾ5[)tK WHϼEKf_9ObVԖk*!- l-la $j߼sZѾ4dj-9\qLYԛWwx`h{t=gwJ]}`=% \$ 8x23: ܅sK6B=^gؒ1 /Řu9ԹGzv0o2y^x+`bx!$@>z-> [aWbg X7%'_kr)Ew(WbVR988jotܙ+shʖRz+>ʾ(]',a`^^^`,6GOЂnF{!?G^ !v¼K-VNB7-4etIW^K1nP N[º$] k7 7 ׾LL_!%_%W^z"<6' aWژADhF5z5Ds[T!䁼ߐj/6ϡyJ6X\:x3%tE޳l7#aolךaFJ^U+ ʏ6C96Ge-L76v;  ƆSf=XRGL-1Rצ321Bcp_:ۜ|A}6ضвV{Ihh}6\[S:C@Rآ!2pƶ5_5:޽)]LK*4DZ2Fvh'#9Eh֊ќRB.vR;_g;B _w; Vվ'iH\MY!CgLͲ=tf8os~66¬"#A@s{_⻱π΁x4`TJZ) ,r{Y! ϖNS\,qquS.BoR4_]=y2M-GhSn{Tf yf)BS .ԍm#l(M#ۀږձ4O(JU_tׅdUoko#fyΜ;mV)jhk+1}el؂_? FRˬ_$I3Ʊ+}c8ET1̭-Ydn;XD%VHy yA|`߱1; Rpx@QL˛WH csa皖\ ' _ӈatWb1Y}Gj OQ5k>fFPCv47~RJa֜1tq*o,rmkʁV=P,JY+ Z I7!7^H&WW qn "^tIw'y{Dd#,', h6t`a3`n3λykb9qe1ga)XOՒ~ j~h!%KZk^YR+Ȉz~j]!1c╾TA9-Q56]RU B-~0[i1]Hst3#mz^C GJk&]Gav̈́7|W@O[jkwhDPU,u^ȩєgF[TxvXj# 1{x٥JĶ}y lMᗚk3烔KpʭCף:̹OOMĀoVn琯*ewZ.W>sW5Up`QkXiec=Hy1~RI+mݳi8.f3|I1yO2J\dH>HP*$ZzYFO>^kQ G+j1[ w5kU QqAH0G[x.%5&o[I{e>dg -:s^aci7t]stKs>н3B;sYe۫u%ge~;MWlfmmIU+ ַg%.04%n'S肜nMP-=сHz.:N#V¯mR9ʵVܞVkظk0儔JzN۠AץcDӘP`aLW<00t+P̲jNT]OpY=XCE3 c _\}ĭBA*o[Y_D_dqm-3tL'`߄W>8' :{ᛂrPZ-]F/|T0/b=3-񸐤#^>xAE1K= o E9# XJW7}D['鍀I㏖+62sjDlY /uhߴsrپ靷u=< gD&8 Oy;fU}tQh0pcf]vF36g9WFO 21tQ-l \Zs4pB_oG͇˞RS Iݹ`?Ðs{VCRZ"/bR1@Q>~1&v+!"L 6@@P0H7% `H 1LL uF>05g3bwIq(xȂR{DSs%%zH"V|8snj=J< r~ 7_$R D* t]\UP*@J>S|??'­!Rjs# h_VMf4:`F" U-x})lH < 23LRkR>ɖàzEQp#ߛSg0Y+1غ9PKAguUaq VH+^@03:%b`fڟ,\yuuvI^ۤwrݹw}޽O֚_ԝnIi}uݹ<F;6M&E`<ejE)sC9,jO6W#\grxixɎ(ah,.6u{$;G(%lGyї51oLl+=ViԊkm9Gj:ٙ%%'u[9mzfx9j}*4=V08SD^}'vn<(_2ʯzsI8QޅnF9rzsy hjg@Si}CgG(ku6wZFQd3ˌr'zƇ^Fg(gٮq1>E" >"@ \_^dE^f ?eAYFߠoP~Q{1 ?s w1~]7]? /WWq_e s?=eg_P>f'(U}Sn&&oon2/9IR< 9k^픊8kgK " SV9,.O3kP g  ~-2*B @^~ sum%R+ ]Q%=Mk[I2n@+ȣ_zi k{]yHGW4<< X1rnmfJ-@ P1=:1vcۨ*iۼx0%aw8cokx;b(q Y8P*`)K؞:F^͇$r2gLߟiǤK4l!%KlŜh'b( N>@OÙxʏ,O~f+gM تGШswӦB~`̀tWЫȅ&3b" 9oٔ^^C΅*˗ X627du;|sst˭d<@aRۨWyɑf"9<;$}F(r1>taxap7teL4w<[Ɓs(*&-c ]tKW`wƨ&f\)!𰙄iFS_us' U?틷*D#[#7X[Nƀ_@o+8݈qef~c̆I ůř7Y*}0 nl8cXs4u]ݍ;S //TB# l˜0ƚ oK:Dƛ`/?\vi ӥe&"xDFlvK}T.q sEeבe,&J =B8̈́42,Nd=:vMhpK_ 2)#,|H𵝦n犱LZԝ:6Zd9\A}0D00Y~l'>AՋpO`HzB=Xt(̮WhDoz^DltΖbŮszn%()%y+L9(م7xES*HFSmOTx/ē_| 3Obx`#Yұ ߞQ TDO2Ntx9=|En[~QڗE@1agG;(HYUҎ/u KwTr$sDs݅ ߠ(b/<% *`>=.X&">m?'.}Fu+J' "@2dԴu{$/;v4fR*4$NSx4)e[ O2OC24`)yc<9znG}޴mcHPWFׁݞV Xo} 8lO.d|}́!XsCQ%7` =[u}^nT 2+1 <&`#]&\f\j_fJ.ѮRTnbbq8g;&gw6G-] XGx kyf#ŧ3W<2ZP'jdVw@8̝-ӟ~H׶I5"`:=Vڕ+zYL1e~}=3ӲG(q52,@zP݌5`y+@44{WG[mx uuke!.1:7˟]lׁQ#hӰ QaW:7n MywT \7o]ecAP1W)?&Il}ralX ^|޹+o3Љe{0^Np2$82#" $8zIW{{a0&iE㨤t`C v_ʉ~ph;?҈>A wVǰ.XF!&ۅ7O80Ux|-h\};}r,s0#ŸEr g2GjV+kd'KW̱ v&12Mo,gkV"K깘#yAs3vMnBO .&DW6K54Ƙb>Y{&L6 92lt* X>!ˣŬ"D0Ȯ'Z:tsh{h۟XsTHهl*~&/(,{+нT~xFK-^8Q> χ"@Ԃ+"e})IDy)/ρ/($3}E.tǐy6xL _M4V*wN㛼VtƢI:6pzRSV01{l~r[)CUs̥D/5^JB\sjh6