[IP] Virulent MyDoom virus designed to skirs feds, military users
Government Computer News
Virulent MyDoom virus skirts feds, military users
By Wilson P. Dizard III and William Jackson
1/27/04
The W32/MyDoom virus now raging across the Internet has special code
designed to prevent it from attacking federal and military users, according
to Symantec Corp.
"This particular virus tries to avoid sending itself to any domain with a
.gov or .mil extension," said Alfred Huger, senior director of engineering
for Symantec security response. "It contains a list that says do not mail
to these domains or if these words are contained" in the address.
The virus' method of skirting the federal government "certainly does work,
but it isn't foolproof because there are government domains that don't
contain these extensions," he said. Huger also cited state.us and local
government domains as potential targets.
The security engineer added that the MyDoom virus, also known as Norvag, is
designed to avoid domains of antivirus vendors and major software
companies, such as IBM Corp. and Microsoft Corp. "We think the reason that
it does this is to give this [virus] author a little more time for MyDoom
to spread before people who are likely to do something about it respond,"
he said.
Huger predicted that MyDoom likely would lurk on the Internet for a long
time, partly because it is targeted at home users who are less educated
about systems security.
*******************************
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/