Thursday, February 26, 2004

Fresh Worms Attack E-Mail, Internet Explorer, User Data:
"A series of new worms spread on the Internet on Wednesday, spreading through conventional e-mail methods. The new versions have escalated their attacks and destructiveness."

On the prowl is the MyDoom.F worm, which began action on Monday. It is the latest version of one of the most successful worms on record; earlier MyDoom variants in January launched a series of distributed denial of service (DDoS) attacks against Microsoft Corp. and The SCO Group. The new version retains its predecessors' capability to perform a DDoS attack.

"What is interesting about these latest worm trends is that they are very politically motivated. More than your curious teenage hacker at work; these attacks are stemming from groups seeking to make a statement on some of today's most controversial technology issues," said Scott Chasin, chief technology officer of MX Logic Inc., in a statement.

Beyond its DDoS target, MyDoom.F is also more destructive. A PC Magazine analysis of MyDoom.F said the worm attempts to delete files on the system based on a probabilistic formula, adding an element of destructiveness rarely seen in such worms.

The worm also attempts to spread to file sharing users. For all these reasons, antivirus vendors are giving it a higher threat ranking than usual.

The latest threat is NetSky.C, which arrived on Wednesday. The worm is a variant of NetSky.B, which spread rapidly earlier this month, according to security vendors. It is also called Moodown.C.

According to F-Secure Corp.'s analysis of the worm, the new version is compressed with a different program. It also behaves differently in several ways than its predecessor, such as searching far more files for e-mail addresses that it can use to spread itself.

The worm arrives in a ZIP file attachment to an e-mail message. The file inside the ZIP will have two file extensions, the first for an innocuous file type such as .RTF and the second for an executable file type, such as .SCR.

http://www.eweek.com/article2/0,4149,1538954,00.asp?kc=EWNWS022604DTX1K0000599
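
A mail-gateway style check for the attachment pattern described above (a ZIP whose inner file carries a document extension followed by an executable one), added here as an example and not taken from the article or any vendor's product. The extension lists and function names are assumptions; the article names only .RTF and .SCR.

```python
import io
import zipfile

# Assumed lists for illustration; the article itself names only .RTF and .SCR.
DECOY_EXTS = {"rtf", "doc", "txt", "htm", "jpg"}
EXEC_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd"}


def is_double_extension(name):
    """True if name ends in <decoy>.<executable>, e.g. document.rtf.scr."""
    # Look only at the file name, not the directory part of the archive path.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Strip whitespace so padding before the final dot does not hide the match.
    parts = [p.strip().lower() for p in base.split(".")]
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS


def scan_zip_attachment(data):
    """Return names of ZIP members with a decoy + executable double extension.

    Raises ValueError if data is not a readable ZIP archive, so the caller
    can decide how to treat attachments that cannot be inspected.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if is_double_extension(n)]
    except zipfile.BadZipFile as exc:
        raise ValueError("attachment is not a valid ZIP archive") from exc


def _build_sample_zip(names):
    """Construct an in-memory ZIP with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one benign name, one double extension, one plain .exe.
    sample = _build_sample_zip(["notes.txt", "document.rtf.scr", "setup.exe"])
    print(scan_zip_attachment(sample))
```

A plain `setup.exe` is deliberately not flagged: the check targets the disguise, so a separate policy would still be needed for undisguised executables.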
