New MyDoom Email Virus Spreads Quickly

   A new email virus called MyDoom is spreading rapidly across the Internet, bringing with it a dangerous attachment that, when opened, can give attackers access to users' computers through an electronic backdoor;. The attachment targets Windows users, which account for roughly 96 percent of all computer users, and the rate at which this virus is spreading matches that of SoBig.F, previously the fastest-spreading worm of all time. As with earlier email viruses, MyDoom doesn't spread by means of any technical chicanery, relying instead on the ignorance of users who double-click any messages they see in their Inboxes. Email users are thus advised not to open attachments from sources they can't verify.
   The sheer amount of traffic generated by the virus has already brought down many networks, and some security experts now believe that attackers originally launched the virus as a Denial of Service (DoS) attack on the SCO Group, the UNIX copyright holder that's now suing various Linux companies for copyright infringement. However, this attack is having the most dramatic effect on end users, many of whom are still surprisingly uninformed when it comes to the dangers of opening attachments. When users open MyDoom-tainted email attachments, their systems become infected--with two side effects. First, their systems send infected email to all the users in their address books. Second, the virus places a backdoor on their systems that attackers can later exploit.
   MyDoom email is identified by text in the body of the email that reads, "The message contains Unicode characters and has been sent as a binary attachment." The subject lines and attachment names vary. Typical subject lines on infected messages include "Mail Delivery System" and "Mail Transaction Failed." The attachments often appear as .zip files (e.g., document.zip, message.zip, readme.zip) but can have virtually any extension, including .exe, .cmd, or .pif.
   If you're using an antivirus package, make sure your definitions are up-to-date and follow the manufacturer's instructions for removing MyDoom (which is also identified as Novarg, Shimgapi, and W32/Mydoom.A@mm, depending on the source). F-Secure's Web site has a free disinfection tool for users who don't have antivirus packages.

Note: This article originally noted that the "MyDoom \[wa\]s spreading rapidly across the Internet" through "UNIX mail servers", which was incorrect. Instead, the virus was ultimately targeting SCO's UNIX servers with a Denial of Service (DoS) attack. My apologies for the condensation of thoughts, which resulted in an unintentional miswording. This is instant publishing, folks, not a grand conspiracy. --Paul