JANUARY 28, 2004
NOTHING BUT NET
By Alex Salkever

Mydoom's Most Damning Dynamic
[Page 2 of 2]


BACK DOOR FOR BAD GUYS.  The virus writer added a couple of new tricks to Mydoom on Wednesday, Jan. 28. This slightly more dangerous version, dubbed Mydoom-B, holds modified code designed to launch a denial-of-service attack on Microsoft Web sites. Even worse, it can block Web surfers from accessing antivirus sites where they might be able to download a fix or new virus definitions. Antivirus companies are now setting up alternative sites to alleviate the problem.
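The article says Mydoom-B keeps victims away from antivirus sites but does not describe how. The check below is an added example, not code from BusinessWeek or any vendor: it assumes the hosts-file redirection technique that was widely documented for this variant (an assumption the article itself does not make) and scans hosts-file text for vendor hostnames that have been pinned to a fixed address instead of being left to DNS. The vendor hostnames and the sample hosts file are constructed stand-ins.

```python
"""Added example, not from the article or any antivirus vendor: flag hosts-file
entries that pin security-vendor hostnames to a fixed address. The mechanism
(hosts-file tampering) is assumed; the article only says access is blocked."""
import ipaddress

# Constructed stand-ins for the update/download hostnames a real check would
# list for each vendor; any hosts-file entry for these is suspect, because
# they are meant to resolve through DNS.
PROTECTED_HOSTS = {
    "update.av-vendor.example",
    "www.av-vendor.example",
    "definitions.other-vendor.example",
}

# Constructed sample hosts file: two legitimate lines and two tampered ones.
SAMPLE_HOSTS = """\
# Hosts file (constructed sample)
127.0.0.1       localhost
192.0.2.10      intranet.example      # internal server, expected
127.0.0.1       update.av-vendor.example
0.0.0.0         www.av-vendor.example definitions.other-vendor.example
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            yield fields[0], name.lower()


def _is_protected(name):
    return name in PROTECTED_HOSTS or any(name.endswith("." + p) for p in PROTECTED_HOSTS)


def find_hijacked_entries(text):
    """Return (address, hostname, reason) for every protected hostname found in the file."""
    findings = []
    for ip, name in parse_hosts(text):
        if not _is_protected(name):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((ip, name, "pinned to loopback/unspecified (blocks the site)"))
        else:
            findings.append((ip, name, "pinned to a fixed address (possible redirect)"))
    return findings


def scan_sample():
    """Run the check over the constructed sample; returns the findings list."""
    return find_hijacked_entries(SAMPLE_HOSTS)


if __name__ == "__main__":
    for ip, name, reason in scan_sample():
        print(f"{name:40} {ip:15} {reason}")
```

On a real machine the same function would be fed the contents of the system hosts file (for example `%SystemRoot%\System32\drivers\etc\hosts` on Windows); any hit is a reason to restore the file and re-run an updated scanner.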


Some of these characteristics have made Mydoom and its variant somewhat harder for antivirus screening systems to spot and stop and harder for users to eradicate. More insidious, the Mydoom Trojan horse left open communication ports to the Internet that almost any bad guy could exploit on an infected machine and also left software on the machine that would allow spammers to take it over and use it to send e-mail -- another payload that previous worms and viruses had carried.

Mydoom did come up with one interesting strategy: compressing the attachment into a .zip file so it initially evaded antivirus attachment strippers. That worked for only a couple of hours, provided users updated their screening software automatically.

UP-TO-DATE DEFENSES.  While Mydoom certainly sent out enough e-mail to clog the general Internet and corporate networks, the vast majority of infected computers belonged to individuals. According to antivirus company Symantec (SYMC), 9 out of 10 infected messages came from consumers.

There are several good explanations for this. Though corporations still aren't nearly vigilant enough when it comes to warding off all manner of security breaches, most have at least set their mail servers and antivirus gateway programs to strip out any attachments bearing certain file extensions, such as .exe, .scr, or .pic. Those corporations have also configured individual users' computers to check for virus-definition updates when they log on and distribute new definitions as soon as they're available.
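The extension-based stripping described here is exactly what the .zip trick mentioned earlier slipped past. The following is an added example, not code from BusinessWeek or from any mail-gateway product: a small gateway-style filter that refuses attachments by extension and, for .zip attachments, also looks at the archive's member names so a wrapped executable is caught too. The extension list (beyond the .exe and .scr the article names) and the sample messages are constructed for illustration.

```python
"""Added example, not from the article or any gateway vendor: strip attachments
by extension and look inside .zip archives for the same extensions."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# The article names .exe and .scr; the remaining entries are assumed additions
# typical of such gateway policies.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs"}


def _ext(name):
    """Lower-cased extension of a file name (path components stripped), or ''."""
    base = (name or "").lower().replace("\\", "/").rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:] if dot >= 0 else ""


def zip_members_with_blocked_ext(data):
    """Names of zip members whose extension is blocked.
    A payload that is not a readable zip is reported as '<unreadable>' so the
    caller treats it as suspicious rather than waving it through."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [m for m in zf.namelist() if _ext(m) in BLOCKED_EXTENSIONS]
    except zipfile.BadZipFile:
        return ["<unreadable>"]


def classify_message(raw_bytes):
    """Return ('strip' | 'deliver', reasons) for a raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"{name}: blocked extension {ext}")
        elif ext == ".zip":
            hits = zip_members_with_blocked_ext(part.get_payload(decode=True))
            if hits:
                reasons.append(f"{name}: archive contains {', '.join(hits)}")
    return ("strip" if reasons else "deliver", reasons)


def make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample(attachment_name, attachment_bytes):
    """Construct a one-attachment message (test data, not a captured e-mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    subtype = "zip" if attachment_name.lower().endswith(".zip") else "octet-stream"
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype=subtype, filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("report.pdf", b"%PDF-1.4 placeholder"),
        ("document.exe", b"MZ placeholder"),
        ("document.zip", make_zip({"document.exe": b"MZ placeholder"})),
        ("photos.zip", make_zip({"holiday.jpg": b"\xff\xd8 placeholder"})),
    ]
    for name, data in samples:
        print(name, classify_message(build_sample(name, data)))
```

The point of the archive check is that a policy keyed on the outer file name alone is what a zip wrapper defeats; inspecting member names closes that gap for plain archives, and password-protected or nested archives would need the same treatment one level deeper.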

And corporations, unlike consumers, generally don't let their licenses for antivirus software lapse, so they don't lose access to updated virus signatures that can help their software identify, screen, and stop Mydoom and others. Corporate networks, therefore, while still vulnerable to traffic overload, would be less likely to propagate the virus.

"HAZARD TO EVERYONE."  The real extent of the Mydoom damage won't come to light until after Feb. 1. The SCO denial-of-service attack could clog the Net to a much greater degree than the initial spread of Mydoom did if enough zombie machines infected with the virus beam out enough traffic at a fast enough rate.

What Mydoom and its ilk are leading to is a day when Internet service providers either build antivirus protection into the subscription price and run it for individuals or require that customers run updated antivirus systems before they're allowed to connect. "More people think that if you want to use an ISP, you need to have some type of basic protection. If not, you become a hazard to everyone else at that ISP. There's going to be a time and place where the issue is very closely reviewed," says Alfred Huger, senior director of Symantec's security response team.

That time and place is fast approaching as more and more consumer broadband users come onto the Internet and even me-too virus come-ons still get users to click -- and cause chaos online.




Salkever is Technology editor for BusinessWeek Online. Follow his Nothing But Net column every week on BusinessWeek Online.
