Yesterday, the wave of new MyDoom computer worms spread very quickly interrupted many popular online search services, including Google and Yahoo.
The attack marks the evolution of MyDoom, which has infected hundreds of thousands of computers earlier this year. The new variant, MyDoom-O, not only scans victims' hard drives for e-mail addresses, but also attacks search sites for new clues on the forums and web pages.
Like previous variants, MyDoom-O also featured in the e-mail attachment. Messages are very well camouflaged, with headlines coming from the user's service provider or technical support team informing the user's computer that the hacker used to send spam. Computers without software protection will be infected if these messages are opened. The virus scans your hard drive for e-mail addresses and domain names. When it encounters a domain, it sends a query (search request) to a search engine to determine the e-mail addresses on that domain. By using search queries, MyDoom makes it very difficult to detect and block source queries. Traditional denial-of-service (DDoS) attacks often include the same issues, making them easy to discover and block access to the server.
Earlier versions of MyDoom had implemented DDoS attacks on the websites of Microsoft and SCO, making them paralyzed. But this time, the purpose of the attack has changed. "It does not look like a traditional DDoS attack, and not just Google, but Altavista, Yahoo, and Lycos are affected," said Graham Cluley, a technology analyst with Sophos. MyDoom uses a new, very advanced technology that we have not seen before. "
Google and Yahoo issued a statement explaining the cause of the incident and said, by afternoon, the problem was resolved. Security experts also commented that although the speed of MyDoom-O distribution is still high, it will not cause much trouble for search sites and network administrators.
