TechWeb

New High-Risk Worm Floods In-Boxes

Jan 26, 2004 (02:01 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=17501236


A new worm called MyDoom flooding users E-mail boxes is the subject of serious concern among solution providers.

All that the worm needs to propagate is a user that has an open Microsoft Windows preview pane in Outlook. The worm appears to be taking advantage of one of the more recent trends in the malicious code world, randomized E-mail worms that include a .zip attachment to bypass traditional gateway filters, said Ken Dunham, director of malicious code at Velocitus. "This worm is taking off like a rocket, with well over 20,000 interceptions in just two hours of it being discovered," he said.

If this Outlook pane is open, the worm automatically scours the user's contacts and files. Based on the information gathered, it rapidly sends infected E-mails out to other users, said one solution provider.

"We have gotten several calls from customers so far about the worm," said Vartan Ouzounian, chief operating officer of Secure Content Solutions. "It's pretty nasty and spreads fast."

The subject line of the infected e-mail is not consistent and may say 'message undeliverable', 'hi', or 'test', among other subject lines. The same holds for the attachment name which varies from readme.zip, message.zip, and DELETDO.TXT, also among others. An adjoining message above the attachment typically says "the message contains Unicode characters and has been sent as a binary attachment,' or "mail attachment failed. Partial message is available."