February 20, 2004 4:39 PM PST

RIAA to face MyDoom's music?

Related Stories

MyDoom author may be covering tracks

February 10, 2004

MyDoom virus spells double trouble

February 3, 2004

Clues point to single MyDoom culprit

February 2, 2004
A variant of the MyDoom virus has started spreading, albeit slowly, and security experts expect it to target the main Web site of the music industry.

The variant, MyDoom.F, deletes several different types of files stored on an infected computer and aims to attack the Web sites of Microsoft and the Recording Industry Association of America with a flood of data, antivirus companies said Friday.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


Neither site may feel much pain, however, as the virus has failed to spread quickly.

"It is not very prevalent," said Craig Schmugar, virus research manager for Network Associates' vulnerability emergency response team. "We haven't seen anything beyond (a single) sample in the past 24 hours."

The original MyDoom spread through e-mail in late January, infecting a new computer every time an unwary person opened the attached file containing the program. Between several hundred thousand and 2 million computers were infected, according to estimates.

Antivirus firms believe that the writer of the MyDoom.F virus is different from the person believed to have authored the first two versions of the code. A later worm, Doomjuice, spread to computers that were already infected by MyDoom and dropped copies of the original virus' source code. It's thought that the author of MyDoom.F used that code to write this new virus.

"Right now, it feels like someone took the original one and modified it," said Vincent Weafer, senior director for the antivirus research center at security company Symantec. "That's just a gut feeling."

The MyDoom.F virus spreads using a variety of subject lines and message text, usually attaching itself to the message as a Zip compressed file. The virus infects Windows computers when the user opens the file.

PCs compromised by the virus send out virus-laden e-mail messages using random addresses found in a variety of files, such as cached Web pages and the Windows address book. The virus also deletes Word documents, JPG picture files, Audio Video Interleaved files, Excel spreadsheets and a few other types of files.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.