MyDoom-Q Worm Uses Yahoo Search Engine To Find Email Targets

Sophos is warning computer users about the latest variant of the MyDoom worm, MyDoom-Q, which is spreading in the wild. MyDoom-Q arrives as an email attachment, and scours files on the infected user’s hard drive for other email addresses to which to send itself. It also uses the People Search facility of the Yahoo website (people.yahoo.com) to try and find additional email addresses to try to infect.

This attack echoes that launched by last week’s MyDoom-O worm, which used the Google, Yahoo, Lycos and Altavista search engines to harvest emails, and left millions of users unable to search the web using Google.

“Copycat viruses are all the rage in the cybercrime underworld, so you didn’t have to be psychic to predict the release of more worms trying to scoop up email addresses from search engines. Unfortunately, we expect to see other worm authors trying similar tricks in the future,” said Graham Cluley, senior technology consultant for Sophos. “All internet users should do their bit to ensure they are not passing on infected files by using up-to-date anti-virus software and exercising great caution when receiving unsolicited email attachments.”

Both Microsoft and SCO have issued substantial rewards totalling $500,000 for information which leads to the successful conviction of those behind the MyDoom worms.

“Someone in the computer underground must know the person or people behind the MyDoom viruses,” continued Cluley. “Those with knowledge which may help the investigation should come forward now and pass their information onto the authorities.”

At the time of writing Yahoo’s search engine appears to be working properly, and MyDoom-Q does not appear to be spreading in the wild in anything like the numbers of its more prevalent predecessor.

More information about MyDoom-Q can be found at http://www.sophos.com/virusinfo/analyses/w32mydoomq.html