New MyDoom Targeting Search Engines—Yet Again

Another month, another variant of MyDoom. This time, the new version of the pestiferous worm spreads by mailing copies of itself with its own mail engine and harvests prospective targets from Google, Yahoo, and other search engines. It is said to have been whipping around cyberspace rather quickly on February 17.

This isn’t the first time a MyDoom variant has bedeviled search engines. In fact, the new variant is believed to be a variant of MyDoom.O, which hit during summer 2004 and pounded Google with so many queries that the search kings were down for the count or extremely slow for long periods of time, according to several security analysts. That variant also took smaller search engines like Lycos and AltaVista offline completely.

What makes the new MyDoom variant distinct, according to antivirus and security firm Sophos, is that it prowls an infected computer’s hard disk for e-mail addresses and then goes back to an Internet search, trying to find e-mail addresses in the infected machine’s domain—in effect, taking aim at all users subscribed to specific companies or service providers.

Sophos said it first spotted the new MyDoom late on February 16. But the company also said the new variant doesn't seem as pernicious as the last one, at least not yet.

"Right now, we're not seeing anything like as many reports of this new version of the MyDoom-O virus as we did last July - but it is spreading in the wild," said Sophos senior technology consultant Graham Cluley in a statement. "Unlike last year, we don't expect to see Google whacked by this worm. Computer users who have kept their anti-virus automatically up-to-date and are wary of opening unsolicited email attachments should have little to fear.

"What is ingenious about the MyDoom-O virus is the way it can find email addresses of potential victims," he continued. "Like many other email worms it searches your hard drive for email addresses, but then it uses the domain names it has found to discover other victims via search engines. So, if it finds the email address [email protected] on your hard drive, it then searches Google and perhaps finds Donald Duck and Bambi's email addresses too!"

Finnish security and antivirus firm F-Secure calls the new MyDoom.O variant MyDoom.BB. F-Secure said MyDoom.BB tries to find e-mail addresses through queries to Google, Yahoo, Lycos, and AltaVista.

Symantec, which makes the Norton family of antivirus and system protection and repair products, said February 17 that geographic distribution for the new MyDoom.O, which Symantec calls MyDoom.AX, isn't widespread yet and that the worm has an easy containment rating. It is nonetheless getting high threat ratings because it is considered in the wild at this writing and has been spotted at more than ten separate locations.