New Version Of MyDoom-O Spreading In The Wild

Experts at SophosLabs, Sophos’s global network of virus and spam analysis centres, have warned users to be on guard against a new version of the MyDoom-O worm which emerged overnight.

The original version of the MyDoom-O worm disrupted the popular Google website for a short while in July 2004, making it inaccessible to many users, as it tried to harvest email addresses from the search engine.

The new version has been repackaged, possibly not by the original author, in an attempt to avoid detection by anti-virus products. However, Sophos’s anti-virus products have been detecting this new version since 22:54 GMT on 16 February 2005.

“Right now, we’re not seeing anything like as many reports of this new version of the MyDoom virus as we did last July – but it is spreading in the wild,” said Graham Cluley, senior technology consultant for Sophos. “Unlike last year, we don’t expect to see Google whacked by this worm. Computer users who have kept their anti-virus automatically up-to-date and are wary of opening unsolicited email attachments should have little to fear.”

The MyDoom-O worm can use the internet search engines Google, Yahoo, Lycos and AltaVista to try to gather email addresses to which it can send itself.

“What is ingenious about the MyDoom-O virus is the way it can find email addresses of potential victims. Like many other email worms it searches your hard drive for email addresses, but then it uses the domain names it has found to discover other victims via search engines,” explained Cluley. “So, if it finds the email address mickey.mouse@disney.com on your hard drive, it then searches Google and perhaps finds Donald Duck and Bambi’s email addresses too!”

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktops and servers with automatically updated protection.



