Standard virus protection best way to fight Mydoom

Companies that are following recommended practices relating to secure email use should be largely protected against the Mydoom virus and its variants, experts said.

Despite the speed with which the email-borne menace has proliferated since the first variant was discovered on Monday, there's nothing about Mydoom, so far, that can't be dealt with by using antivirus, email filtering and intrusion-detection technologies.

Mydoom, which is also known as Shimgapi and Novarg, started spreading earlier this week and has quickly become the most virulent email virus ever.

The virus arrives as an email with an attachment that can have various names and extensions, including .exe, .scr, .zip and .pif. When the attachment is executed, the worm starts sending copies of itself to other email addresses stored in the infected computer.

The first version of the virus, now called Mydoom.a, is designed to attack The SCO Group's website. A newer variant, dubbed Mydoom.b, which began surfacing earlier Wednesday, is apparently designed to enable similar denial-of-service attacks against Microsoft's website.

The variant also includes a feature that blocks infected computers from accessing sites belonging to vendors of antivirus products.

Companies that filter out email attachments or analyse the contents of attachments are unlikely to have been affected much, computer security engineer for Harris' STAT network security unit, Darwin Ammala, said.

Director of malicious code research at TruSecure's ICSA Labs, Bruce Hughes, said about 80 per cent of the company's clients already filtered out at least five attachments that were commonly used in email attacks.

The remaining companies filtered out even more attachments as a precaution against email attacks, he said.

"From all indications, corporations of a size large enough to afford antivirus [technologies] at the email gateway were unaffected," moderator of NT Bugtraq and an analyst at TruSecure, Ross Cooper, said.

Even in cases where the virus might have managed to infiltrate desktops, "most corporations will either notice, or block, outbound SMTP during such a virus outbreak" to stop the virus from spreading, Cooper said.

Several companies said that, so far at least, they had escaped the virus unscathed.

