VirusEye: The MessageLabs Update
The Top Ten computer viruses for January 2004
The Top Ten most prevalent computer viruses during January were:
1: W32/MyDoom.A-mm – 48,239,797
2: W32/SoBig.F-mm – 33,218,757
3: W32/Klez.H-mm – 8,285,284
4: W32/Swen.A-mm – 5,101,430
5: W32/Dumaru.A-mm – 2,301,362
6: W32/Mimail.A-mm – 1,746,844
7: W32/Mimail.J-mm – 771,846
8: W32/Sober.C-mm – 310,954
9: W32/Bagle.A-mm – 221,036
10: W32/Dumaru.Y-mm – 135,888
Commentary for January 2004
All was pretty quiet on the virus front at the beginning of January. The month began with the usual number of viruses and then we witnessed a flurry of new arrivals. During the last week of the month, MyDoom struck. You’ll have read all about this one in the national press, no doubt! Indeed, the ‘dailies’ played up two further minor attacks later that week as many IT system users began to fear the worst.
The first bubble of activity began with Bagle. The original copy of this worm was intercepted from Germany. In practice, the worm arrived as an e-mail attachment, searched the infected machine for e-mail addresses and then sent itself to the addresses found. The worm used unsophisticated social engineering techniques and clearly displayed an executable attachment, which gave observant recipients a fairly good clue that the e-mail in question was infected.
Interestingly, this virus did bear some similarities to the SoBig worm, which had debuted almost exactly a year to the day before Bagle was released into the wild.
Dumaru was the second virus to register on the radar. Again, this was a mass-mailing worm but harboured a password-stealing or key-logging Trojan component that left a back door open on any infected computer connected to the Internet. This allowed remote access to the recipient’s PC.
The new variant of Mimail – Mimail Q – also wriggled its way into January to join the other mass-mailing worms, but the big worm that disturbed the earth the most was undoubtedly MyDoom.
The spectre of MyDoom
MyDoom.A first cast its shadow on Monday 26 January. The peak infection rate was one in 12 e-mails. MyDoom.A spreads via e-mail, and also by copying itself to any available shared directories used by Kazaa. The particularly cunning element of MyDoom is its ability to randomly generate or guess likely e-mail addresses to which it can send itself.
MyDoom also duped the user into thinking it was a “mail delivery error message” – a far more sophisticated and subtle social engineering technique than Bagle’s, and indeed than many of the mass-mailing worms we’ve previously seen. The virus was designed to launch a denial of service attack against the SCO Group web site (the motive rumoured to be SCO’s anti-Linux stance). Thus it appeared the virus writer was an open source sympathiser.
It’s unlikely we’ve seen the end of MyDoom and its various protégés.
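The two bait patterns described above, Bagle’s plainly visible executable attachment and MyDoom’s forged “mail delivery error message”, are both things a mail gateway can check for before a user ever sees the message. The following is an added example written for this page, not MessageLabs code: it parses a raw message with Python’s standard library and scores it on those two signals, exploiting the fact that a genuine delivery status notification is a multipart/report message and never carries a program. The list of executable extensions, the bounce phrases and the three sample messages are my own assumptions, constructed for the example.

```python
"""Gateway-side heuristic for the two bait patterns in the commentary above.

Added example, not MessageLabs code. A forged bounce carrying an executable
is blocked; any other executable attachment is quarantined. The extension
list, bounce phrases and sample messages are assumptions made for this example.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from typing import Dict, List, Optional

# Assumption: suffixes a Windows desktop of the period would run on double-click.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

# Assumption: wording typical of a bounce, checked in subject, sender and body.
BOUNCE_PHRASES = re.compile(
    r"mail delivery (system|error|failure)|returned mail|delivery (status|failed)"
    r"|undeliverable|could not be delivered",
    re.IGNORECASE,
)


def attachment_names(msg: EmailMessage) -> List[str]:
    """Filenames of all non-container MIME parts that declare one."""
    return [
        part.get_filename()
        for part in msg.walk()
        if not part.is_multipart() and part.get_filename()
    ]


def is_executable(filename: str) -> bool:
    """True if the final suffix is executable ('report.txt.exe' counts)."""
    lowered = filename.lower()
    dot = lowered.rfind(".")
    return dot != -1 and lowered[dot:] in EXECUTABLE_EXTENSIONS


def analyse(raw: bytes) -> Dict[str, object]:
    """Classify one raw RFC 5322 message as clean, quarantine or block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    sender = str(msg.get("From", ""))
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""

    looks_like_bounce = any(
        BOUNCE_PHRASES.search(field) for field in (subject, sender, body)
    )
    # A real DSN is multipart/report; a worm forging a bounce is not.
    genuine_dsn_structure = msg.get_content_type() == "multipart/report"
    executables = [n for n in attachment_names(msg) if is_executable(n)]

    if executables and looks_like_bounce and not genuine_dsn_structure:
        verdict = "block"        # MyDoom-style forged bounce carrying a program
    elif executables:
        verdict = "quarantine"   # Bagle-style plainly visible executable
    else:
        verdict = "clean"
    return {"verdict": verdict, "executables": executables,
            "looks_like_bounce": looks_like_bounce}


def build_sample(subject: str, sender: str, text: str,
                 attachment_name: Optional[str] = None) -> bytes:
    """Constructed test message; the attachment payload is inert filler bytes."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "alice@example.com"
    m["Subject"] = subject
    m.set_content(text)
    if attachment_name:
        m.add_attachment(b"\x00" * 16, maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


# Constructed samples (not real intercepted mail).
FORGED_BOUNCE = build_sample(
    "Mail Delivery System", "postmaster@example.net",
    "The message you sent could not be delivered. See the attached report.",
    "report.txt.exe")
PLAIN_EXECUTABLE = build_sample(
    "Photos from the weekend", "bob@example.org",
    "Here are the pictures I promised.", "photos.scr")
NORMAL_MAIL = build_sample(
    "Meeting notes", "bob@example.org",
    "Notes attached as PDF.", "notes.pdf")

if __name__ == "__main__":
    for label, raw in (("forged bounce", FORGED_BOUNCE),
                       ("plain executable", PLAIN_EXECUTABLE),
                       ("normal mail", NORMAL_MAIL)):
        print(label, analyse(raw))
```

The two-tier verdict reflects the commentary: an executable that announces itself is a weaker lure and can be held for review, while a program hidden behind bounce wording is the more dangerous combination and is dropped outright. Checking the top-level content type rather than only the wording means a real multipart/report notice from a mail server is not caught by the bounce rule.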
This section of Secure IT is supplied by MessageLabs. MessageLabs scans e-mail traffic at the Internet level, such that the company is able to compile the most accurate virus statistics available. Take a look on the Internet at: www.messagelabs.com