The recent spread of the cleverly engineered “MyDoom” computer virus exposed a key flaw in the global embrace of technology: Its users are human.
Posing as a legitimate computer error message, the worm successfully tricked eMail recipients into spreading it to friends, co-workers, and other associates. Although computer users have grown wiser about falling for such tricks, virus writers have also gotten smarter about fooling them, as MyDoom clearly illustrated.
“People that are bent on doing these things continue to display a high degree of intelligence,” said Bob Jorgensen of Boeing Co., whose eMail systems slowed down because of the worm. School technology leaders and other computer administrators “need to continue to work to stay one step ahead” through better technology and education, he added.
MessageLabs Inc., which scans eMail for viruses, said one in every 12 messages contained the worm during its peak in late January. Security experts described it as the largest outbreak in months.
“It’s the trust factor you are exploiting,” said Oliver Friedrichs, senior research manager with anti-virus vendor Symantec Corp. “Most people, when they receive something, they want to trust it. You don’t want to miss something people may be sending you.”
When a recipient clicked on the eMail’s attachment, the rogue program searched through address books and sent itself to eMail addresses it found. It chose one as the sender, so recipients would believe the message came from someone they knew.
Unlike other mass-mailing worms, MyDoom did not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Rather, messages carried innocuous-sounding subject lines, like “Error” or “Server Report,” and messages in the body such as “Mail transaction failed. Partial message is available.”
It is precisely because the message’s tone was so basic that many computer users conditioned to be suspicious of attachments wound up opening MyDoom anyway, said Chuck Adams, chief security officer with NetSolve Inc., a security firm in Austin, Texas.
Some school and corporate networks were clogged with infected traffic within hours of the worm’s appearance Jan. 26, and operators of many systems voluntarily shut down their eMail programs to keep the worm from spreading during the cleanup.
Keynote Systems Inc., which tracks internet performance, recorded a slight degradation in web site availability and speed. The worm, however, fell short of a homeland security or national security threat, said Amit Yoran, the U.S. government’s cyber-security chief.
MyDoom infected computers that run Microsoft Corp.’s Windows operating systems, though other computers were affected by network slowdowns and a flood of bogus messages. Unlike other recent attacks, it did not appear to exploit any Windows security flaw.
Besides sending out tainted eMail, the program opened up a back door so hackers could take over the recipient’s computer later. The worm also tried to spread through the Kazaa file-sharing network and was programmed to overwhelm the web site of the SCO Group Inc. by repeatedly sending fake requests.
SCO’s site has been targeted before because of its threats to sue users of the Linux operating system in an intellectual property dispute. The company has announced a $250,000 reward for information leading to the arrest and conviction of MyDoom’s creator.
Anti-virus vendors quickly posted software updates to catch the worm, and security experts once again warned computer users not to open questionable attachments. The MyDoom messages carried attachments with extensions like “.exe,” “.scr,” “.cmd,” “.pif,” or “.zip.”
But no amount of warning will ever eliminate threats entirely, experts say.
“Folks are just going to fall prey to things that look like familiar things that happen to their eMail, like getting an error message,” said Lee Rainie, director of the Pew Internet and American Life Project. With 128 million Americans already online–and newcomers less aware of these tricks joining all the time–“it takes a relatively small fraction of folks to make mistakes,” he said.
MyDoom wasn’t the first mass-mailing virus of the year. Earlier in January, a worm called “Bagle” infected computers worldwide and even infiltrated a popular Department of Education (ED) listserv, but that worm seemed to die out quickly. ED said its virus-detection software neutralized the Bagle worm automatically by removing it from infected messages before they reached recipients.
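The attachment extensions named earlier (“.exe,” “.scr,” “.cmd,” “.pif,” and “.zip”) lend themselves to an automated check at the mail gateway, so the decision does not rest on the recipient. The Python sketch below is an added example, not part of the original article or any vendor’s product: it flags attachments with those extensions and, going one step beyond the article, opens “.zip” attachments to look for the same extensions inside. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists for MyDoom attachments; ".zip" is opened below.
RISKY_EXTS = {".exe", ".scr", ".cmd", ".pif"}

def ext_of(name):
    """Last extension, lowercased; trailing dots/spaces ignored as Windows does."""
    name = name.lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def risky_attachments(raw_message):
    """Return (filename, reason) pairs for attachments a gateway should hold."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ext_of(name)
        if ext in RISKY_EXTS:
            findings.append((name, "executable extension " + ext))
        elif ext == ".zip":
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    inner = [n for n in zf.namelist() if ext_of(n) in RISKY_EXTS]
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip archive"))
                continue
            findings.extend((name, "zip contains " + n) for n in inner)
    return findings

def zip_bytes(member, data=b"constructed placeholder"):
    """Build a small in-memory zip (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, data)
    return buf.getvalue()

def build_sample(filename, payload, subtype="octet-stream"):
    """Constructed message using the subject and body text quoted in the article."""
    msg = EmailMessage()
    msg["Subject"] = "Server Report"
    msg.set_content("Mail transaction failed. Partial message is available.")
    msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample("doc.zip", zip_bytes("readme.txt.pif"), "zip")))
```

A filename check of this kind complements, rather than replaces, the signature updates the anti-virus vendors shipped, since it keys only on the extension and not on the file’s contents.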