420Times.com Catches MyDoom, Lives To Tell About It

As MyDoom spreads across the globe with frightening speed, Web surfers and Webmasters alike are scrambling to avoid catching the dreaded worm or, if already infected, to figure out how to get rid of it. The latter describes 420Times.com and 420Girls.com owner Rob Smith.

Smith runs a pro-hemp adult site that features girls and rock stars revealing their love of marijuana, posing for pictures, and much exclusive adult content. Recently re-launched as a pay site, 420Times.com offers news, comics, interviews, stories, cartoons, racy photos, a forum, and more.

Smith was hit with MyDoom (also known as Novarg) Jan. 28 and everything ground to a halt. The worm infected his computer and e-mailed itself to the program that houses his contact database, which relayed it to the entire list.

"Norton Anti-virus didn't have the patch for it when it came out because they weren't expecting it," Smith told AVNOnline.com. "So it affected my computer, even though I had done Norton updates just a week prior. The thing hit me, got into my computer, and sent out to my Major Domo e-mail database of over 50,000 people.

"After people started responding to it, replying to it, it was sending the virus and the reply to everybody on the list all over again," he continued. "It locked up my server and it crashed my F2L databases and five programs. It was a huge cluster fuck. People were threatening lawsuits for sending the virus to them. They didn't know what was going on or what it was. Later, after I got rid of it, I sent out an e-mail explaining what happened and providing all the repair links. By then folks had read all about it, so people understood and apologized for flying off the handle."

So how did he get rid of the virus in the first place?

"I went to Microsoft's site. They have a special place where you can check your machine and see if there's a port that's open and they send a Trojan in there to start doing things on your PC to fix it," said Smith. "I got a Microsoft patch, and I was fine there. Norton Anti-virus finally did an update and I found the virus, cleaned it out, and that's the end of it. Then I had to go into the server and remove the Major Domo program and all the databases we had in there and had to do all the server repair."

MyDoom.A infected hundreds of thousands of computers worldwide after its Jan. 26 introduction, with a second variant, MyDoom.B, hitting cyberspace two days later. Though their attacks are programmed to stop on Feb. 12 - MyDoom.A against SCO Group's Website, MyDoom.B against Microsoft - by then hordes of computers will have been decimated, their e-mail lists used to further the infection, and Webmasters will have spent thousands of dollars trying to rebuild their damaged businesses and tarnished reputations.

MyDoom typically arrives attached to an e-mail with a spoofed sender's address, a variable subject, and a short message body. Subject lines have been known to include "test," "status," "Mail Delivery System," "Mail Transaction Failed," "error," "hello," "HELLO," "hi," "Hi," and "Server Report." The attachment carries one of the extensions .exe, .bat, .cmd, .pif, .scr, or .zip and a filename such as Readme, Message, Body, Text, file, doc, or document, and as often as not arrives as a Zip file bearing the familiar WinZip icon. Some body texts have read, "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment" or "The message contains Unicode characters and has been sent as a binary attachment."
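The indicators above are exactly what a mail administrator would have fed into a gateway filter at the time: a lure subject, a lure body, and an attachment whose name and extension match the worm's pattern. The following Python script is an added example, not code from the article or from any vendor named in it. It parses a raw message with the standard-library `email` package and scores it against the subject lines, filenames, extensions, and body texts listed in the text; the two sample messages are constructed here for illustration, and the decision rule (flag only when an attachment indicator coincides with a text indicator, so a bare "hi" does not quarantine legitimate mail) is a design choice of this example.

```python
"""Score inbound mail against the MyDoom lure indicators listed in the article.

Added example: indicator lists are transcribed from the article text, the sample
messages are constructed for illustration, and the decision rule is arbitrary.
"""
import os
from email import message_from_string, policy

# Subject lines named in the article (compared case-insensitively).
LURE_SUBJECTS = {
    "test", "status", "mail delivery system", "mail transaction failed",
    "error", "hello", "hi", "server report",
}
# Attachment name stems and extensions named in the article.
LURE_NAMES = {"readme", "message", "body", "text", "file", "doc", "document"}
LURE_EXTENSIONS = {".exe", ".bat", ".cmd", ".pif", ".scr", ".zip"}
# Body texts named in the article, normalised to lower case / single spaces.
LURE_BODIES = (
    "the message cannot be represented in 7-bit ascii encoding "
    "and has been sent as a binary attachment",
    "the message contains unicode characters "
    "and has been sent as a binary attachment",
)


def _normalise(text: str) -> str:
    """Lower-case and collapse whitespace so wrapped body lines still match."""
    return " ".join(text.lower().split())


def score_message(raw: str) -> dict:
    """Return which indicators a raw RFC 5322 message matches.

    'text' lists subject/body hits, 'attachments' lists filename hits, and
    'suspicious' is True only when both kinds of indicator are present.
    """
    msg = message_from_string(raw, policy=policy.default)
    text_hits, attachment_hits = [], []

    subject = _normalise(msg["subject"] or "")
    if subject in LURE_SUBJECTS:
        text_hits.append(f"subject:{subject}")

    body_part = msg.get_body(preferencelist=("plain",))
    body = _normalise(body_part.get_content()) if body_part is not None else ""
    for lure in LURE_BODIES:
        if lure in body:
            text_hits.append("body:binary-attachment-lure")
            break

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        if ext in LURE_EXTENSIONS and stem in LURE_NAMES:
            attachment_hits.append(f"attachment:{name}")
        elif ext in LURE_EXTENSIONS:
            attachment_hits.append(f"extension:{ext}")

    return {
        "text": text_hits,
        "attachments": attachment_hits,
        "suspicious": bool(text_hits) and bool(attachment_hits),
    }


# Constructed sample resembling the lure described in the article.
SAMPLE_WORM = """\
From: "Mail Delivery System" <bounce@example.net>
To: list@example.org
Subject: Mail Transaction Failed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

The message cannot be represented in 7-bit ASCII encoding
and has been sent as a binary attachment.

--b1
Content-Type: application/zip; name="document.zip"
Content-Disposition: attachment; filename="document.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed benign message: ordinary subject, PDF attachment.
SAMPLE_BENIGN = """\
From: accounts@example.com
To: list@example.org
Subject: Q1 invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset="us-ascii"

Hi, the invoice for last quarter is attached. Thanks.

--b2
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""

if __name__ == "__main__":
    for label, raw in (("worm-like", SAMPLE_WORM), ("benign", SAMPLE_BENIGN)):
        print(label, score_message(raw))
```

Requiring two independent indicator classes keeps the rule useful against a mass-mailer whose subjects are single everyday words while leaving ordinary correspondence alone; the hits list is what you would write to the gateway log so that the decision can be audited later.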

"They are saying this one was the worst so far in history and affected up to 15 percent of all computers on the Internet," Smith said. "I read that it all stemmed from some underground beta test site for spam marketing. Microsoft has a quarter-million dollar reward for the capture of the person that started this."

Yet the capture of the culprit will hardly repair the damage already done by the attack. SCO Group was forced to build and post an alternative Website within hours of MyDoom.A's attack launch Feb. 1. Microsoft wasn't affected as severely by MyDoom.B when it launched attacks Feb. 3, most likely because MyDoom.B didn't proliferate even half as widely as MyDoom.A. But Webmasters like Smith have already suffered at the hands of MyDoom.

"It totally screwed me up and cost me about $3,000 in lost work and time and everything," Smith said with a sigh. "It took us six months to make that Major Domo program operable and now I had to delete the whole thing. Now I have to start all over. But at least we're up and running. Everything is fine now.

"The only problem now is that lots of people aren't getting business e-mails because of the spam filters from their hosts and ISPs. That's another issue that has come up since this thing spread. So people are losing deals because a spam filter grabs a legitimate business e-mail and considers it a virus spam. But so far on my end, the Doom issue is a done deal."

For more information on MyDoom and how to remove it, visit Symantec, F-Secure, or Microsoft security and disinfectant pages on the Web.