Don't open unknown attachment

MyDoom computer virus will infect your hard drive if clicked

By Autumn Phillips

Wednesday, January 28, 2004

A well-aimed computer virus, designed to bring down software makers Microsoft and SCO Group, hit e-mail providers Friday and started hitting businesses in Steamboat Springs this week.

The virus, known as MyDoom, started hitting businesses on Monday, said Stephanie Reineke, owner of Internet provider SpringSips.

"Kim Mitchell from the chamber was the first one to call us about it," Reineke said.

And then it was everywhere. By Wednesday afternoon, SpringSips had sanitized more than 17,093 cases of the MyDoom virus, and that number was increasing.

"The problem with this virus is that it really took everyone by surprise," Reineke said. "It was out before virus protection companies could catch it. By then, the cat was out of the bag and it was all over the Internet.

"This is one of the fastest spreading viruses ever, and that's saying a lot."

MyDoom arrives as an e-mail attachment with one of seven subject lines, including "Test," "Hi" or "Mail Transaction Failed." The worm is activated when users click on the attachment.

According to an article on Wired Magazine's Web site, the virus first opens up Windows' Notepad and fills it with garbage data. The virus then scours the computer for e-mail addresses and e-mails itself to a random selection of those addresses.

"Then the virus looks for the file-sharing application Kazaa on the infected hard drive," the article said. "If that application is found, MyDoom will copy itself to the folder in which Kazaa users store files that they want to share."

To stop the spread of the virus, Reineke advised that Internet users delete any attachment they don't know about.

Now that anti-virus software companies have discovered MyDoom, they also are aware of a second version of the virus, known as MyDoom.B.

The virus creator has an agenda, Reineke said.

The new variant will launch a 12-day "denial-of-service" attack on Microsoft.com beginning Sunday. A similar attack will be launched against SCO Group's Web site on the same day.

According to the Wired article, "MyDoom.B alters system files in order to block infected computers from accessing a list of 65 Web sites, most of them belonging to anti-virus vendors."

-- To reach Autumn Phillips call 871-4210

or e-mail aphillips@steamboatpilot.com

More like this story

Comments

Use the comment form below to begin a discussion about this content.

Requires free registration

Posting comments requires a free account and verification.