JANUARY 28, 2004
By Alex Salkever

Mydoom's Most Damning Dynamic

As a virus, it's a me-too uncreative piece of work. It's so damaging only because so many individual Net users are still so unprotected

Breathless press releases started flooding my in-box on Monday, Jan. 26, warning that a new virus, called Mydoom or NovaRG, could be the biggest cyberattack of all time. It was spreading faster than SoBig, the previous record holder, according to e-mail outsourcing and management company MessageLabs. And it was slowing down the Internet dramatically, according to Web performance tracker Keynote. It would even target SCO Group's (SCOX) Web site with a denial-of-service attack on Feb. 1. No one knew if some other time bomb was wrapped deep inside the code that could take down huge swaths of the Net, erase hard drives of victims, or even disrupt operations of critical pieces of the world's infrastructure such as power plants and water-supply systems.

The hyperventilating press releases were partly right. No doubt, this was the first killer attack of 2004. The rapidly spreading virus slowed page-loading times at popular Web sites to a crawl. Corporate info-tech departments sagged under the weight of millions of messages cascading into their mail servers. As of Jan. 26, 1 out of every 12 messages passing through the servers of MessageLabs was a Mydoom missive, topping the mark of 1 out of every 17 achieved by last August's SoBig worm-virus. Antivirus company Network Associates (NET) says Mydoom and variants have infected 300,000 to 500,000 computers -- 10 to 20 times more people than SoBig bit.

PERSISTENT WEAKNESS. Surely, the rapid spread of Mydoom is a giant cause for concern. To a certain degree, the huge infection rate is a result of both clever social engineering (getting people to do the wrong thing) and efficient software code that can spit out reams of e-mail from infected machines in a hurry. However, the real lesson from the Mydoom fiasco is an old one.

Almost nothing in this virus was original. The wording used to entice users to click on the attachments was old hat and had appeared in previous viruses. The installation of a backdoor Trojan-horse program to allow later access to infected machines broke no new ground. What's remarkable about Mydoom is how starkly it underscores a persistent weakness of the Internet: careless computer owners. Everyone knows you don't click on attachments unless you're expecting them from a known source. Opening file attachments bearing the screen-saver file extension .scr -- especially when sent from strangers -- is just plain dopey since that's such a popular way to spread viruses, worms, and Trojan horses.

TWIN VECTORS. Mydoom mainly struck consumers who, by now, should know that if they plan to surf the Internet and not trash their machines, they need antivirus software. All told, this outbreak is a reminder that the biggest threat to the Net isn't uncreative virus writers but consumer users unwilling or unable to correctly safeguard their systems.

Here's the tale of the tape. Affecting only machines running Microsoft (MSFT) operating systems, the Mydoom strain spread two ways. It urged recipients to click on an infected attachment by telling them that a message sent to them had not gone through and more information was available in the attachment. It often carried subject headings that matched this gambit, such as "Server Report" or "Mail Transaction Failed." The second vector of replication was via KaZaA peer-to-peer software installed on computers for file swapping. Mydoom would install a copy of its software payload into KaZaA download folders.

Once Mydoom infected a machine, it would rip through the victim's address book and other files seeking e-mail addresses. With those addresses it would use either a local mail server or a mail server written into the code to send out a similar message.

Mydoom has the capability to alter the wording and subject line of infected messages it sends out as well as to affix a wide variety of file-extension types to the virus attachment.
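
An added example, not part of the original article: a minimal mail-gateway check that follows from the behaviour described above. Because the subject line and wording vary between messages, it ignores them and looks only at each attachment's final file extension. The extension list beyond .scr, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# .scr is named in the article; the other entries are an assumed list of
# Windows executable types that mail gateways commonly block.
RISKY_EXTENSIONS = {".scr", ".pif", ".exe", ".cmd", ".bat", ".com"}


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose final extension is executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        # Windows ignores trailing dots and spaces, so strip them first, then
        # judge by the last extension only ("notes.txt.scr" is still .scr).
        cleaned = name.strip().rstrip(". ").lower()
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in RISKY_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message with one harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Your message could not be delivered. See the attachment.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Mail Transaction Failed", "document.scr"),  # lure subject from the article
        ("hi", "readme.txt.PIF"),                     # different subject, double extension
        ("Server Report", "notes.txt"),               # lure subject, harmless attachment
    ]
    for subject, filename in samples:
        hits = risky_attachments(build_sample(subject, filename))
        print(f"{subject!r}: {'QUARANTINE ' + str(hits) if hits else 'deliver'}")
```

The third sample is delivered even though its subject matches a known lure, which is the point: the decision rests on what the attachment is, not on wording the sender controls.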