ZDNet UK



MyDoom trail traces back to single author

Published: 03 Feb 2004 08:50 GMT


The two versions of the MyDoom virus may have the same parent, according to a security researcher.

The name "andy", which was left in the code by the author of the MyDoom virus, links the original program released a week ago with the B variant sent out two days later, Jimmy Kuo, McAfee fellow for security company Network Associates, said on Monday.

Other hints, including numbers that appear to designate the version of the program, indicate that the fast-spreading virus was created by a professional programmer.

"It looks like what someone would write when they check in source code," said Kuo, who has been researching the virus. "The interpretation is that 'andy' is the person checking the code in."

In addition, the author left a message in the second version of the virus for those with PCs infected with the program: "I'm just doing my job, nothing personal, sorry."

The MyDoom virus, also referred to as a worm, started spreading last Monday and has swamped corporate systems worldwide with a large number of email messages that appear to be errors returned from a mail server.

The virus-laden emails have an attachment that, when opened, installs a program on the victim's computer, in order to open up a software "back door." The attacker can then bypass the PC's security and turn the affected system into a "bounce point" for any network-based attack.

The first MyDoom is programmed so that infected computers will send data to the main Web server of the SCO Group between 1 February and 12 February. The second version of MyDoom is set to strike Microsoft's main Web site between 3 February and 1 March, in addition to hitting SCO. (The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.)

While some researchers believe the MyDoom code may have originated in Russia, it's almost impossible to pin down Patient Zero -- the first infected computer -- or the person who actually released the virus, Kuo said.

Further analysis indicates that there may be some good news for Microsoft, Kuo said. A programming error in the virus may mean that, starting from Tuesday, only 7 percent of PCs infected with the B variant will actually attack Microsoft at the same time.

"We think that... 7 percent won't be that large a number," Kuo said.
