Record-Breaking Mydoom.A Continues Spreading, with 8.4 Million Copies Intercepted To Date by MessageLabs; Mydoom.B in the Wild but Having Limited Impact.

Business Editors

NEW YORK--(BUSINESS WIRE)--Jan. 30, 2004

MessageLabs, the leading provider of managed email security services to businesses worldwide, announced today that the record breaking virus W32/Mydoom.A-mm, while off its peak, is continuing to spread at a steady rate, with 8,463,332 copies having been stopped so far by MessageLabs. Of that total, 22% have originated in the US. The reach of the worm now extends to 211 countries. The peak infection ratio remains 1 in 12 emails infected with the virus, and the average ratio is currently fluctuating between 1 in every 15 and 1 in every 23 emails.

A new variant of the virus, Mydoom.B, which first hit on Wednesday, is also in the wild, but not gaining much traction. MessageLabs has identified it as a low-level threat.

On Tuesday, W32/Mydoom.A-mm broke records to become the fastest spreading virus of all time. The title had previously been held by Sobig.F, another mass mailing virus that hit in August 2003. The comparison was made by tracking the number of virus-containing emails stopped within the first 24 hours and by tracking peak infection ratios. Just over 1 million messages containing Sobig.F were stopped within the first 24 hours, in comparison to more than 1.2 million for Mydoom.A. Sobig.F's peak infection ratio was 1 in 17 compared to Mydoom.A's, which was 1 in 12. The Lovebug virus of 1999 is the third fastest spreading, with 1 in every 23 emails.

"Let there be no doubt that the trojan component of Mydoom.A is creating an entirely new network of compromised machines that hackers and likely spammers will be able to remotely control," said Mark Sunner, chief technology officer of MessageLabs. "As part of our commitment to customers, we have protected more than 2 million enterprise end users from Mydoom, saving thousands of IT departments from having to deal with help desk calls, patching and clean up--in short, eliminating a big, ongoing and costly headache."
Name: W32/Mydoom.A-mm
Time & Date first Captured: 13.03pm GMT, 26th Jan 04
Origin of first intercepted copy: Russia

General

Mydoom is a mass-mailing worm that attempts to spread via email and by copying itself to any available shared directories used by Kazaa. The worm harvests addresses from infected machines and targets files with the following extensions: .wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm, .txt. Mydoom also tries to randomly generate or guess likely email addresses to send itself to. In addition, initial analysis suggests that Mydoom opens a connection on TCP port 3127, an indication of a remote access component.

Email characteristics

From: Random, spoofed email address
Subject: Random
Text: Various, including:
-- The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
-- The message contains Unicode characters and has been sent as a binary attachment.
-- Mail transaction failed. Partial message is available.
Attached file: Various, with extensions including .exe, .pif, .cmd, .scr. The attachment often arrives in a zip archive, and is also represented by what appears to be a text file icon, but is in fact an executable.
Size: 22,528 bytes
Detection: MessageLabs detected all strains of this virus proactively, using its unique and patented Skeptic(TM) predictive heuristics technology.

About MessageLabs

MessageLabs is the leading provider of managed email security services to businesses worldwide. The company currently protects more than 8,500 businesses worldwide from email threats such as viruses, spam and other unwanted content before they reach their networks and without requiring additional hardware or software. Powered by a global network of control towers that currently spans the United States, the United Kingdom, Germany, the Netherlands, Hong Kong and Australia, MessageLabs scans tens of millions of emails a day on behalf of customers such as The British Government, The Bank of New York, EMI Music, HealthPartners, StorageTek, Air Products and Chemicals, SC Johnson, Conde Nast Publications, Fujitsu and Diageo. For more information on MessageLabs and its industry-leading email security and management services, please visit: www.messagelabs.com.
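
The attachment traits listed under "Email characteristics" above (the extensions .exe, .pif, .cmd and .scr, often wrapped in a zip archive) can be checked at a mail gateway. The following Python is an added example, not MessageLabs code and unrelated to how Skeptic works; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXTS = (".exe", ".pif", ".cmd", ".scr")  # extensions listed in the advisory


def risky_names(filename, payload):
    """Return attachment or zip-member names ending in a listed extension."""
    hits = []
    if (filename or "").lower().endswith(RISKY_EXTS):
        hits.append(filename)
    # Detect zips by signature, not filename, so a renamed archive is still opened.
    if payload[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(RISKY_EXTS):
                        hits.append(f"{filename}!{member}")
        except zipfile.BadZipFile:
            hits.append(f"{filename}!<unreadable zip>")
    return hits


def scan_message(raw):
    """Parse a raw RFC 5322 message and check every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings.extend(risky_names(part.get_filename(), payload))
    return findings


def build_sample(inner_name):
    """Constructed test message: a zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"placeholder bytes, not an executable")
    msg = EmailMessage()
    msg.set_content("Mail transaction failed. Partial message is available.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("readme.scr")))
```

A zip that cannot be parsed is reported rather than skipped, since an archive the gateway cannot inspect should not pass as clean.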