New MyDoom Variants Could Forewarn Major Attack

The arrival of four new variants of the MyDoom worm within the last 24 hours has anti-virus experts concerned.

The arrival of four new variants of the MyDoom worm within the last 24 hours has anti-virus experts worried that the virus creator may be preparing to release a major onslaught.

On Thursday afternoon, MyDoom.U, V, W and X all appeared within a couple of hours of one another. None of the variants is particularly worrisome or innovative on its own, but taken as a whole, the release of four versions so close together is of some concern, experts said. The last time so many variants of one virus were released in such a short period of time was in July when four minor versions of the Bagle virus emerged, followed by a major new strain.

Anti-virus researchers say the MyDoom author could be following a similar pattern.

"The last time this happened was with Bagle, and the next one was a big one," said Sam Curry, vice president of the eTrust Security division at Computer Associates International Inc., in Islandia, N.Y. "Plus, were getting close to the end of the alphabet and a lot of times the Z and AA variants have some extra impact."

Curry also noted that with the third anniversary of the Sept. 11 terrorist attacks coming up Saturday, virus writers may be looking to make a splash.

"Even if this author isnt looking to make an impact on Sept. 11, every script kiddie out here is going to be at it," Curry said.

/zimages/6/28571.gifA researcher recently predicted a major coordinated strike against Internet servers. Click here to read the story.

The four new variants of MyDoom are largely unremarkable and are similar in construct and behavior to their predecessors. They have spoofed sending addresses and typically meaningless subject lines and body texts.

However, Curry said that some of the variants include the phrase "proof of concept" in the code and are missing some of the features of previous variants. For example, some of the new releases do not have the ability to spread via network shares, as earlier MyDoom variants did.

/zimages/6/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Be sure to add our Security news feed to your RSS newsreader or My Yahoo page