[Previous entry: "More on airlines"] [Main Index] [Next entry: "Privacy Villain of the Week"]

01/29/2004 Archived Entry: "MyDoom"

This is one nasty worm. It's beginning to look like MyDoom's denial-of-service attack against SCO (and now Microsoft) is just a cover for its real purpose. Analysis is still underway, but it appears that MyDoom is designed to serve as a spam relay, hijacking hundreds of thousands of PCs to forward spam messages. Even worse, it contains a backdoor which will allow its creators to install new software on the infected PCs. And there's suspicion that it includes a keystroke logger, which can capture passwords and credit card numbers. If you're running Windows, get this thing off your computer now. Free tools are available from Symantec, F-Secure, and McAfee.

MyDoom is one of the first of a new generation of professionally written viruses -- as suggested by its sophisticated (new and successful) "social engineering" which tricks the unwary into opening the attachment; its lack of obvious grammatical errors; and the small size of the attachment. (The only flaw in the design is the blatant DLL name -- shimgapi -- which reveals an infection.) We'd been warned about this, and now it has happened. Expect more of the same.

Bill Gates, Knight Commander of the Most Viral and Execrable Order of the Blue Screen -- or something like that, anyway -- thinks the solution to spam is to charge senders of email a fee. (Sir Bill is a whiz at coming up with any number of "ideas" that don't involve fixing his buggy and insecure software.) Aside from the accounting and privacy nightmare -- every email user would to have to provide a credit card number? -- the plan won't work, because spammers are going to use hijacked computers.

On a similarly pointless note, the Feds, who apparently believe that they can make water flow uphill if they legislate long enough, want to require senders of pornographic spam to label it "sexually explicit." Yeah, like the CAN-SPAM act worked so well. Not! This new idea won't work against offshore spammers or PC hijackers, but it may rebound against legitimate users. (What constitutes "sexually explicit"? They know it when they see it?)

Meanwhile, our individual and private actions have been working. I picked the right time to kill my old, heavily spammed, email address; I get only one or two MyDooms a day (although I've had to turn off my auto-responder, so as not to contribute to MyDoom-related traffic). Wendy's anti-spam service (Postini) trapped MyDoom from the start. And since the start of the year we've been an all-Linux house. Finally -- and most importantly -- we know not to open unsolicited attachments!

brad

P.S. This just in, if you use the Check Point firewall software, there's a security fix you need to install.