Dealing With MyDoom
The big news in the computer world this week clearly has to be the MyDoom virus. How secure are your servers? Often, users hold the key.
January 29, 2004
The big news in the computer world this week clearly has to be the MyDoom virus. It's the buzz everywhere, and why shouldn't it be? Various reports have it listed as the fastest spreading e-mail virus ever, and predict that it could have as large an impact as last summer's Sobig worm. Not only that, but the attack appears to be a type of vendetta against The SCO Group. As if that's not enough, a new variant, MyDoom.B began to appear late Tuesday, targeting Microsoft.com as well as attempting to block users from accessing 65 Web sites run by antivirus companies. Now SCO is offering a $250,000 reward for the arrest and conviction of the author of the virus. The FBI is in the mix trying to track down the originator. It's really the sort of thing TV movies are made of. Now we just have to catch the "bad guy."
For those concerned with the security of their company servers, the primary issue here is to avoid getting infected. And this is where users hold the key. Obviously, be sure your users are not opening e-mails with attachments from unknown senders. Even e-mail with attachments from senders known to your users needs to be handled carefully, because some viruses harvest another user's address book and send infected e-mails from "spoofed" addresses. This makes the incoming e-mail look legitimate. In addition, many viruses come as attached .exe and .scr files, but MyDoom disguised itself as a .zip file. Many companies rely on .zip for compressing large files before sending them via e-mail, and therefore let such attachments through. So the word is caution, caution, caution, and education of your users.
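As an added illustration of the .zip point above (example code, not from the article), here is a small gateway check that refuses to trust the archive extension and instead opens the attachment in memory to see what is inside. The blocked-extension list, the function names and the sample archives are assumptions constructed for this example.

```python
import io
import os
import zipfile

# Assumed policy list: attachment types that should never arrive by e-mail.
BLOCKED_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
MZ_MAGIC = b"MZ"  # first two bytes of a DOS/Windows executable


def _ext(name: str) -> str:
    return os.path.splitext(name)[1].lower()


def zip_findings(data: bytes) -> list:
    """Open a .zip attachment in memory; return (member, reason) pairs that look executable."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "named .zip but is not a valid zip file")]
    findings = []
    with archive:
        for info in archive.infolist():
            ext = _ext(info.filename)
            if ext in BLOCKED_EXTS:
                findings.append((info.filename, f"blocked extension {ext}"))
                continue
            # A member named like a document can still be a program: check its header.
            with archive.open(info) as member:
                if member.read(2) == MZ_MAGIC:
                    findings.append((info.filename, "executable header under a harmless name"))
    return findings


def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway policy: block executables outright and inspect zips instead of waving them through."""
    ext = _ext(filename)
    if ext in BLOCKED_EXTS:
        return True
    if ext == ".zip":
        return bool(zip_findings(data))
    return False


def build_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory (test data, not a real attachment)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()
```

A compressed spreadsheet passes, while a zip carrying a .scr, a zip whose "text file" starts with an executable header, and a bare .exe are all held back.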
To that end, there are some examples to follow. In CIOs On Security: Preventing Mydoom Redux, Paul Kapustka notes that George Washington University has set up a "controlled area" where servers direct users whose clients are determined to be infected. And at Amtrak, the protection against viruses and worms starts at the server level--users there aren't allowed to log on unless their client has properly updated software. And servers are kept up to date, all the time.
If your company does get infected, it seems MyDoom has a bit of a superiority complex; while a headache for all involved, it doesn't seem fatal. Several companies, including The Boeing Co., reported that although the virus clogged systems so badly that employees were unable to use e-mail Monday, things were back up and running in relatively short order. It is troublesome, however, that the "offspring," MyDoom.B, may be more powerful than the parent.
So, you know what they say about an ounce of prevention. Just do it.