Boss Hog
TRIBE Member
New Mydoom e-mail virus threatens computers
VANCOUVER (CP) — A new computer virus spread via e-mail was detected today and an expert says it could quickly clog the Internet and open personal computers to data theft.
The virus, dubbed Mydoom, was confirmed around 4 p.m. EST by technicians at Network Associates Inc., which produces and maintains the McAfee antivirus program, Canadian general manager Jack Sebbag said from Montreal.
Symantec Corp., which markets the Norton antivirus program, also posted an alert for the new virus, which it called Norvag.
It said Microsoft Windows operating systems except 3.x were vulnerable but the virus does not affect DOS, Linux, Macintosh, OS/2 or Unix-run computers.
"It's a mass-mailer, meaning it will send at random the e-mail and replicate itself to folks on your personal address book," said Sebbag.
The worm-type virus is contained in an innocuous-looking e-mail attachment and degrades performance on the computer.
The icon used by the file tries to make it appear the attachment is a text file, according to Network Associates' notice. It then copies itself to the local system and sends itself to everyone in the user's e-mail address book.
Symantec's posting said the worm also copies itself to the Kazaa music download directory using various file names.
As more machines are infected Mydoom could slow down the entire Internet "and that's where the real problem starts to hit," said Sebbag.
He said the virus also appears to have a keystroke-logging capability, "meaning that somebody can actually take over your PC."
"Right now it's not a very big deal but it does have that capability so the worm can actually log into your machine and take it over and steal information."
The worm opens a connection on one of the computer's communication's ports, suggesting remote-access capabilities.
"It's a form of spyware," Sebbag said.
Users will know the computer is infected if Notepad is opened and filed with nonsense characters.
Symantec said once found, the worm appears easy to contain and not hard to remove.
Sebbag said the origin of the virus was not known yet but it may have come from North America or Europe.
Network Associates' lab began receiving large samples of the virus from its product users early Monday afternoon.
"That's why we rated the alert status to high," he said, adding it's too early to tell how widespread the virus has become. "It's in the hundreds of thousands at this point."
Sebbag said based on the number of samples his firm has received, Mydoom seems to be spreading as fast or faster than last year's SoBig virus.
Symantec also rated the speed of infection as high.
Last summer, SoBig quickly tied up e-mail systems and slowed down networks but did not damage computers or their data. It followed similar earlier attacks by viruses called LovSan and Blaster.
McAfee software users can find a update to combat the virus at http://www.nai.com, while Norton users can find help at http://www.symantec.com.
VANCOUVER (CP) — A new computer virus spread via e-mail was detected today and an expert says it could quickly clog the Internet and open personal computers to data theft.
The virus, dubbed Mydoom, was confirmed around 4 p.m. EST by technicians at Network Associates Inc., which produces and maintains the McAfee antivirus program, Canadian general manager Jack Sebbag said from Montreal.
Symantec Corp., which markets the Norton antivirus program, also posted an alert for the new virus, which it called Norvag.
It said Microsoft Windows operating systems except 3.x were vulnerable but the virus does not affect DOS, Linux, Macintosh, OS/2 or Unix-run computers.
"It's a mass-mailer, meaning it will send at random the e-mail and replicate itself to folks on your personal address book," said Sebbag.
The worm-type virus is contained in an innocuous-looking e-mail attachment and degrades performance on the computer.
The icon used by the file tries to make it appear the attachment is a text file, according to Network Associates' notice. It then copies itself to the local system and sends itself to everyone in the user's e-mail address book.
Symantec's posting said the worm also copies itself to the Kazaa music download directory using various file names.
As more machines are infected Mydoom could slow down the entire Internet "and that's where the real problem starts to hit," said Sebbag.
He said the virus also appears to have a keystroke-logging capability, "meaning that somebody can actually take over your PC."
"Right now it's not a very big deal but it does have that capability so the worm can actually log into your machine and take it over and steal information."
The worm opens a connection on one of the computer's communication's ports, suggesting remote-access capabilities.
"It's a form of spyware," Sebbag said.
Users will know the computer is infected if Notepad is opened and filed with nonsense characters.
Symantec said once found, the worm appears easy to contain and not hard to remove.
Sebbag said the origin of the virus was not known yet but it may have come from North America or Europe.
Network Associates' lab began receiving large samples of the virus from its product users early Monday afternoon.
"That's why we rated the alert status to high," he said, adding it's too early to tell how widespread the virus has become. "It's in the hundreds of thousands at this point."
Sebbag said based on the number of samples his firm has received, Mydoom seems to be spreading as fast or faster than last year's SoBig virus.
Symantec also rated the speed of infection as high.
Last summer, SoBig quickly tied up e-mail systems and slowed down networks but did not damage computers or their data. It followed similar earlier attacks by viruses called LovSan and Blaster.
McAfee software users can find a update to combat the virus at http://www.nai.com, while Norton users can find help at http://www.symantec.com.
