MyDoom breaks previous record set by the Sobig worm, which infected 1 in every 21 messages at its peak last summer.
Jan. 30, 2004 12:00 AM
LinuxWorld here brings you the article verbatim. The headline is in the original.
Rampant E-Mail Virus Traced to Russia
Friday, Jan. 30, 2004
By Simon Ostrovsky, Staff Writer
"MyDoom, the fastest-proliferating computer virus ever, has been traced to
Using location-sensing software, Kaspersky Labs has traced the first e-mails
infected with MyDoom back to addresses with Russian Internet providers.
"It's scary, but most serious viruses are written in Russia," said Denis
Zenkov, spokesman for Kaspersky, the country's largest anti-virus software
Ever since it first appeared Monday night, the virus has managed to latch
onto every 12th e-mail sent, slowing down Internet traffic around the world.
"This virus can only be compared to chemical warfare, an indiscriminate
weapon of mass destruction," said Mikhail Yakushev, a legal adviser for
Microsoft in Russia.
MyDoom breaks a previous record set by the Sobig worm, which infected one in
every 21 messages at its peak last summer.
Most disturbing is that the virus gives its creators -- or anyone who cracks
the virus's code -- the power to take control of an infected PC.
The virus has already infected 600,000 to 700,000 computers around the globe,
Kaspersky Labs estimates.
And it has caused some $2 billion in losses worldwide, according to Computer
Economics, an Internet monitoring company.
Thirteen percent of infected computers are in the United States, compared to
a figure of under 1 percent for Russia, according to Kaspersky Labs.
"Russia usually does better fighting e-mail viruses than the United States
because systems administrators are generally more competent here and install
protection quicker," Zenkov said.
Russia might be better prepared, but then it is often the source of
server-stomping viruses, as in the case of MyDoom.
"We don't understand why, because usually programmers write viruses during an
economic downturn when there is no work and nothing else to do," Zenkov said.
"Right now there is plenty of work for Russian programmers."
The cause of damage is not primarily the virus's ability to take control of
an infected computer and change information stored on the hard drive.
Instead, the virus wreaks havoc by sending itself to all the addresses stored
inside an infected PC, exponentially increasing e-mail traffic and overloading
MyDoom spreads as an attachment to e-mails or as a file on the KaZaA file
sharing system. It uses a multitude of file names, subject lines and file
extensions, making it difficult to notice.
When the infected attachment is opened, the virus automatically installs
files in the computer's system, making it possible to use the computer as a
proxy server for sending out future versions of the file and to take control of
the computer itself.
"If the virus's creators don't send out an updated version of the virus it
will be under control in the next few days," Zenkov said.
MyDoom is not the only virus traced to Russia. Dumaru and Mimail have also
betrayed Russian origins.
But MyDoom has been the most problematic. One Utah-based software company,
SCO, has gone so far as to offer $250,000 for any information leading to the
arrest of the virus programmers.
SCO's web address is specifically targeted by MyDoom. The virus is encoded to
bombard SCO's web site with requests every 50 milliseconds starting Feb. 1. Such
a huge volume of requests is almost certain to crash the company's server,
causing huge financial losses.
SCO has branded MyDoom as "criminal activity that must be stopped." In a
statement on the company's web site, president and CEO Darl McBride said "we
have our suspicions" as to the perpetrators. He did not elaborate.
SCO is one of the most ardent opponents of the open source code movement,
which calls for software companies to make their programming code available to
If convicted of creating or distributing harmful computer programs, hackers
face up to seven years imprisonment under Russian law, according to Microsoft's
Yakushev. The Federal Security Service said it was not able to confirm
immediately if a criminal investigation had been opened into the MyDoom case.
If it has, the FSB shouldn't look for some teen computer whiz. "Its creators
are skilled professionals," Zenkov said."