For the fourth day in a row since the worm was first identified, MyDoom continued clogging Internet service providers and corporate networks in a smothering of e-mails, as the worm's payload is expected to launch massive digital attacks in three days from this writing.
And some believe that MyDoom will be plaguing e-mailers "for some time," according to experts talking to Reuters. "We are seeing companies struggling with this as they cannot clear the viruses quickly enough," said Sophos antivirus technology consultant Graham Cluley. "This one will be with us for a while."
MyDoom's first target is SCO Group, which is engaging in a running battle with Linux users over the company's claim that Linux open-source operating systems illegally appropriate SCO's Unix technology coding. MyDoom.B, a variant worm identified two days after MyDoom.A's arrival, targets Microsoft Windows. Both are said to be aimed at shutting down the companies' Websites, with attacks on SCO programmed to begin Feb. 1 and Microsoft to begin two days later, Reuters said. The attacks are programmed to continue through Feb. 12.
SCO has been careful since MyDoom's arrival not to blame Linux supporters or sympathizers directly for the worm's arrival and spread. But computer security analysis Website Vmyths says they not only think MyDoom originated from "a Microsoft-centric virus writer," the site thinks SCO may be playing "media sensationalism at the expense of the Linux community."
The news goes from bad to worse, if you believe security experts, antivirus makers, and computer security firms saying they're all but powerless to stop the planned attacks. "It's very difficult for antivirus firms to react in these scenarios," MessageLabs chief information analyst Paul Wood told reporters. "We're always going to be on the back foot."
The first MyDoom is also known as Novarg or Shimgapi and is said to have infected hundreds of thousands, if not millions, of computers around the world by luring users to open an attachment to an e-mail with a subject line like "test," "status," and one or two variants on mail delivery system administration subjects.
The attachment appears with .exe, .scr, .zip, .pif, .bat, or .cmd, Opening the attachment triggers a program that can turn the user's computer into a conductor for sending the worm around cyberspace and helping to conduct the programmed attacks.
MyDoom.B appeared Jan. 28, spreading less quickly than MyDoom.A, but it also prevented an infected computer from accessing any antivirus sites where patches might be available, Reuters said.
SCO has already offered a $250,000 reward for information leading to the arrest and conviction of those responsible for MyDoom – just as Microsoft did last year regarding the Blaster and Sobig authors. Reuters and other news sources estimate MyDoom's eventual financial damage could total in the billions.
