I've had a couple of e-mails arrive in the past two days that have had unsolicited ZIP files attached to them. The mails have had a cryptic Subject line, one even said that my computer sent an e-mail containing a virus to someone I don't know. After running a virus scan using my current anti-virus software (which updates automatically every week) I did an online scan of my system for the MyDoom virus, and everything was OK.
Since one of the e-mails that I received with the virus attached APPEARED to come from someone here (it was actually "spoofed", because I checked with the person who confirmed that they had NOT sent me an e-mail) I wanted to make sure everyone here got a heads-up to watch out for e-mails containing unsolicited attached files, and to check any suspicious e-mails with the apparent sender before opening or downloading any files that you did not personally request.
SEATTLE (Reuters) - MyDoom, the latest worm to infect computers on the Internet, was designed to attack the Web site of the SCO Group Inc., the small software maker suing IBM over the use of software code used for the Linux operating system, experts said Tuesday.
Since appearing late Monday afternoon, the worm has spread rapidly, mostly in North America, accounting for one in nine messages globally, experts said. The volume of messages clogged networks and appeared to be concentrated in corporate environments.
The new worm, also known as Novarg or Shimgapi, is activated when unsuspecting recipients of an e-mail message open a file attachment that releases a virus.
An infected personal computer could then allow attackers to gain unauthorized access and use the computer to aid in an Internet attack to bring down SCO's Web site, said Oliver Friedrichs, senior manager at security company Symantec Corp.
"Certainly there's code in here to launch a denial-of-service attack against SCO on Feb. 1," Friedrichs told reporters on a conference call.
SCO, which has drawn the ire of many Linux advocates for its claims that Linux software includes copyrighted code from the Unix operating system, has experienced numerous denial of service attacks, which are used to flood a Web site with requests for information so that it overloads and shuts down.
SCO claims that International Business Machines Corp.'s customers and others are illegally using a version of the Linux operating system, a free operating system that software developers can modify.
The attacks from infected computers are scheduled to begin on Feb. 1 and last through to Feb. 12, Symantec said.
At risk are computers running the latest versions of Microsoft Corp.'s Windows programs and any e-mail program.
The worm doesn't exploit any flaws in Windows, but rather is designed to entice recipients of an e-mail to open an attached file and run programs contained in the attachment.
The mass-mailing worm that arrives as an attachment with an .exe, .scr, .zip or .pif extension and can have a subject line of "test" or "status."
Users who receive the worm and simply ignore or delete it will be able to avoid any damage.
MyDoom also mails itself out to addresses in the victim's computer and is clogging mail servers and degrading network performance at companies, experts said.
The worm appears to have a random sender's address and subject line and sometimes contains an error message such as "The message cannot be represented in 7-bit ASCII and has been sent as a binary attachment."
01/27/04 15:21 ET