MyDoom.F-mm Starting Slow, But Has Scary Potential

The only thing scarier than this viruses' name is its potential for damaging millions of PCs.

The only thing scarier than this viruses name is its potential for damaging millions of PCs.

What a week! W32/Bagle.B-mm started off the week with a bang, spreading with Sobig.F like speed, hitting a 1-in-16 virus-to-message ratio at MessageLabs, but quickly petering out as word got around. The easy to remove, Bagle.B,like its January predecessor, was fairly benign. It presented no immediate real damage other than opening a back door and sending lots of copies of itself. Right on its heels however, was W32/Netsky.B-mm, another mass mailing worm that also propagated through file sharing. Netsky.B, like W32/Nachi.B, tries to eliminate the competition by deleting files and registry entries of MyDoom.A, MyDoom.B and W32/Mimail.T-mm. Gaining a severity rating of 4 (out of 5) with Symantec, Netsky.b hit outbreak proportions in German and Japan, and went world wide by Friday morning. Messagelabs reported intercepting 300,000+ copies of the worm by mid-day Friday, and had classified it as a medium threat. By Monday, Feb 23rd, W32/Netsky.B had hit the number one threat spot, with MessageLabs reporting over 1.3million copies captured.

Discovered on Feb 20th, W32/MyDoom.F-mm carries the potential to do some damage. Propagating by e-mail like its potent sibling, MyDoom.A, this version adds random file deletion and attempts to infect file-sharing users as well. W32/MyDoom.F-mm has, in the past 24 hours, started to take off, with Symantec moving it up from a category 2 to category 3 threat. Since MyDoom.F has the capability to spread like earlier MyDoom versions, it is this weeks top threat. For more information on preventing and beating this nasty worm, see our top threat section.