Mydoom, MiMail viruses on the loose

A fresh global virus dubbed Mydoom was discovered at 8am Tuesday morning in the United States, and two Australian companies have already reported outbreaks, according to security outfit McAfee.

Managed email security services outfit MessageLabs had also warned of the latest Mimail variant, Mimail Q, which was intercepted on Sunday 26 January.

MessageLabs too, said it had intercepted over 165,000 copies of the Mydoom viruses within the first few hours of its breaking.

McAfee, which claimed to have first discovered the Mydoom virus, said the mass mailer landed in a user's inbox with EXE, CMD, PIF, ZIP or SCR attachments.

Once the user opened the attachment, the virus would send out thousands of emails, clogging and slowing down corporate networks in the process, according to Allan Bell, Asia-Pacific marketing director at McAfee.

“Mydoom is a mass mailer as most of the outbreaks have been. It generates traffic faster than Sobig. Because it generates mail faster than Sobig, the danger is it could be a bigger attack than Sobig,” he said.

The virus includes its own mail engine which generates the mail, he said.

“Like Sobig, it spoofs the email addresses which make it difficult to work out who the person was who was [originally] infected,” he said.

At 11am this morning, there were some reports of infections at some organisations in Australia, he said.

MessageLabs had also found that once harvesting addresses from infection machines, Mydoom targeted files with WAB, ADB, TBB, DBX, ASP, PHP, SHT, HTM and TXT extensions.

MessageLabs said Mimail.Q was a polymorphic mass mailing worm that spread by harvesting email addresses from infected machines. It then used an SMTP engine to send itself to addresses found, the company said.

A polymorphic virus changed slightly with each infection, according to the company. It was being sent from several locations including the US, UK and Australia.

McAfee's Bell stressed that companies needed more than just anti-virus software to protect themselves from these threats, which were getting more sophisticated.

Desktop firewalls would prevent a viruses' mailing engine from generating traffic out of a single machine and clogging up a corporate network, he said.