Of viruses and spam
This column originally ran in ComputorEdge on February 27, 2004
As I write this, the MyDoom virus infestation is slowly dying down. Today, for instance, I've only received one e-mail infected with it. The last week of January, it was literally dozens each day.
MyDoom quickly became the most widely spread computer virus yet seen, spreading quicker than any of its predecessors.
But given that both the public and computer professionals are now more wary of viruses than ever, how could this infection have been so bad? How is it that we're still being taken in by viruses that depend on our gullibility?
Melissa all over again
Like the Melissa virus of a few years back, MyDoom spreads by copying e-mail addresses from software on infected users' computers (and like Melissa, only infects those computers running Microsoft Windows). If you received MyDoom and opened the attachment, it quickly looked through your Outlook address book and sent itself to everyone in there.
MyDoom arrived as a .ZIP file attached to an empty or garbled text message. The subject field varied among things like "Hello," "Hi" or "Mail Transaction Failed": stuff that doesn't sound like spam and thus lowers a recipient's guard.
Unlike Melissa, it didn't use your address as its From: address. This is key, because with Melissa, you'd quickly receive angry e-mails telling you you'd spread the virus. With MyDoom, it generated random return e-mail addresses, so your recipients had no idea you sent the e-mail. Because of this, you were less likely to realize you'd become infected and were more likely to let your PC continue churning out copies of the virus.
This was important to the twit or twits who wrote MyDoom, because if you let it continue running and if you had a broadband connection to the 'Net, your computer was then turned into a robot that started sending millions of messages to the web sites of software publishers SCO and Microsoft. With so many hits on their servers, the public was effectively blocked from accessing their sites: a broadly distributed denial of service attack.
Insidious new features
But that's not all MyDoom's authors did. According to the folks at the CERT Coordination Center, it seems that the MyDoom authors also added some pretty twisted new features that hint at future mayhem. For starters, it opened up your Windows registry file (a key piece of software that controls most of the settings for your PC) and blocked your computer from accessing the most popular anti-spam software sites. So even if you'd installed a good anti-virus program, if you were an early recipient of MyDoom (before the anti-virus folks had had time to update their software), you might not know for days that you'd been infected because your anti-virus software wouldn't be able to reach the servers to auto-update.
The MyDoom virus also contained its own e-mail server software that locked onto an open TCP/IP port connecting it to the Internet, where it could apparently receive further instructions from its authors or talk to an earlier variant of the virus, perhaps passing along the denial of service orders.
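The two behaviours in this section, blocking access to update sites and leaving a listening port open, are both things an administrator can check for from the defender's side. The script below is an added example written for this page, not code from the column or from any anti-virus vendor. The column says MyDoom blocked update sites through the registry; the check here inspects a hosts file instead, which is the other common place such a block is planted (that choice, the list of update hostnames, the hosts-file text, the netstat-style lines, port 5555 and the baseline of expected ports are all constructed for the example).

```python
"""Two defender-side checks for the worm behaviours described above.

Added example, not from the column. All hostnames, sample file contents
and port numbers are constructed placeholders.
"""
import re

# Constructed: hostnames whose resolution a worm might want to break so
# that anti-virus or OS updates silently stop arriving.
UPDATE_HOSTS = {
    "update.example-av.com",
    "liveupdate.example-av.com",
    "windowsupdate.example.com",
}


def find_hosts_overrides(hosts_text, watched=UPDATE_HOSTS):
    """Return {hostname: address} for every watched name pinned in a hosts file.

    A vendor update host should never appear in a local hosts file at all,
    so any pin is suspicious, whether it points at 0.0.0.0, 127.0.0.1 or
    somewhere else entirely.
    """
    overrides = {}
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            if name.lower() in watched:
                overrides[name.lower()] = addr
    return overrides


# Constructed sample resembling a tampered hosts file.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# ordinary internal entry
10.0.0.5    fileserver.corp
0.0.0.0     update.example-av.com
127.0.0.1   liveupdate.example-av.com www.example.com
"""

# Matches the TCP LISTENING rows of Windows "netstat -an" style output.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.IGNORECASE)


def unexpected_listeners(netstat_text, baseline_ports):
    """Return sorted TCP ports that are listening but not in the baseline.

    The baseline is whatever the machine is supposed to expose; anything
    else is a candidate backdoor and deserves a look at the owning process.
    """
    listening = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listening.add(int(m.group(1)))
    return sorted(listening - set(baseline_ports))


# Constructed sample; port 5555 stands in for "a port nobody asked for".
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1044       203.0.113.9:80         ESTABLISHED
"""
EXPECTED_PORTS = {135, 139, 445}  # constructed baseline for a Windows client


if __name__ == "__main__":
    print("pinned update hosts:", find_hosts_overrides(SAMPLE_HOSTS))
    print("unexpected listeners:", unexpected_listeners(SAMPLE_NETSTAT, EXPECTED_PORTS))
```

On a real machine you would feed `find_hosts_overrides` the contents of `C:\Windows\System32\drivers\etc\hosts` (or `/etc/hosts`) and `unexpected_listeners` the output of `netstat -an`, and treat any hit as a reason to pull the machine off the network and scan it with signatures fetched from a clean host.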
Clogging up the 'Net
During the peak of MyDoom, folks who follow Internet traffic estimated it was responsible for about 20 percent of all e-mail flowing through the 'Net. SCO had to shut down its Web site temporarily due to the denial of service attack, although Microsoft managed to weather that assault.
But even that much traffic didn't come close to matching the volume of commercial spam: those annoying, unwanted messages trying to sell us porn, body-part enhancers and get-rich-quick schemes. Spam is responsible for about 40 percent of all e-mail, if not more.
Still, that one virus could have that kind of impact is sobering, especially when you realize that the open TCP port MyDoom created could have been used to send commercial spam. How long until the spammers take hold of this idea?
And if the virus hackers are now changing your Windows registry to block access to sites that offer anti-spam updates, how long is it until someone writes a virus that re-directs your Windows update feature to a non-Microsoft server, one that "updates" your copy of Windows to do whatever it's told by the hackers?
Changes to come
The above possibilities mean that we're likely to have to start giving up some of the conveniences that we've grown used to in personal computing. Automatic online updates of our operating system may have to go away, in order to protect our PCs. Being able to e-mail anyone, whether we know them or not, may have to include an extra step of verification.
In the meantime, don't open any e-mail attachments if you're not expecting them and don't recognize the file. And keep your anti-virus software up to date.
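The advice above ("don't open unexpected attachments") and the delivery pattern described earlier (an innocuous subject such as "Hello," "Hi" or "Mail Transaction Failed" with a .ZIP attachment) can be turned into a mechanical check at the mail gateway, so the decision doesn't rest on each recipient's guard. The script below is an added example written for this page, not code from the column. The message it inspects is constructed in-line; the sender address, the inner file name `document.exe`, the body text and the list of executable extensions are assumptions.

```python
"""Gateway-side check for the attachment pattern the column describes.

Added example, not from the column. The message is constructed here so
the script runs offline; nothing in it is a real worm.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Subject lines the column lists as ones that "don't sound like spam".
LOW_GUARD_SUBJECTS = {"hello", "hi", "mail transaction failed"}
# Constructed list of extensions Windows will execute on double-click.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def build_sample_message(subject="Mail Transaction Failed", attach=True):
    """Construct a message shaped like the one described: near-empty body,
    generic subject, and a .zip attachment holding an executable."""
    msg = EmailMessage()
    msg["From"] = "random.user@example.net"   # constructed, "random" return address
    msg["To"] = "victim@example.org"
    msg["Subject"] = subject
    msg.set_content("see attached")            # constructed placeholder body
    if attach:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            # Harmless placeholder bytes, not a program.
            zf.writestr("document.exe", b"constructed placeholder, not executable")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="document.zip")
    return msg.as_bytes()


def inspect_message(raw):
    """Return a list of reasons to quarantine the message; empty means pass."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    attachments = list(msg.iter_attachments())

    # Heuristic from the column: a throwaway subject plus an attachment.
    if subject in LOW_GUARD_SUBJECTS and attachments:
        reasons.append(f"generic subject {subject!r} with attachment")

    for part in attachments:
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTS):
            reasons.append(f"executable attachment {name}")
        elif name.endswith(".zip"):
            # Look inside the archive without extracting anything to disk.
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    inner = [n for n in zf.namelist()
                             if n.lower().endswith(EXECUTABLE_EXTS)]
            except zipfile.BadZipFile:
                reasons.append(f"malformed zip attachment {name}")
                continue
            if inner:
                reasons.append(f"zip {name} contains executable(s): {', '.join(inner)}")
    return reasons


if __name__ == "__main__":
    for reason in inspect_message(build_sample_message()):
        print("quarantine:", reason)
```

The archive is opened in memory only and nothing is written out, so the check itself never runs or extracts the attachment; a hit is a reason to hold the message, not to look at it more closely on the recipient's machine.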
© Copyright Jim Trageser
All rights reserved