TMCnet News

U.S. Networks Halts Mydoom Virus Early

[January 28, 2004]

U.S. Networks, Inc. today announced it has identified and halted the spread of the Mydoom virus at multiple customer sites. The W32/Mydoom@MM virus, also known as Worm.SCO.A or Novarg (F-Secure), is in the early stages of infecting computer systems around the world, yet has the potential to impact more users than the Sobig.F virus that caused havoc in 2003.

U.S. Networks has successfully implemented its Disaster Avoidance (TM) methodology to avoid virus infestation at numerous customer sites, including MJM Investigations, Inc., and MCM Corporation, the holding company for Occidental Fire & Casualty Company of North Carolina, and Wilshire Insurance Company.


It is important to note that traditional e-mail systems have severe security flaws, which are often exploited by the most popular viruses and other malicious code outbreaks. U.S. Networks advocates secure e-mail gateways as an essential part of a layered approach to enterprise security.

"Organizations truly cannot comprehend the vital importance of their data until it is no longer available," said Andy Cummins, U.S. Networks president and chief executive officer. "With this Mydoom outbreak, we sound the alarm early on so organizations can react appropriately. Yet instead of just reacting, we advocate what we refer to as 'Disaster Avoidance' to allow companies to rest assured they never have to hassle with these types of issues."

According to U.S. Networks, virus protection and other risk mitigation should incorporate a defense-in-depth strategy that utilizes: perimeter firewalls; intrusion detection systems; e-mail gateway scanning; and desktop anti-virus protection. With these combined services, organizations can avoid the productivity drain brought on by e-mail viruses.

As part of its Disaster Avoidance package, U.S. Networks offers SureMail Gateway as a managed service that scans all inbound and outbound messages for viruses, SPAM and other signs of malicious behavior. It then halts the spread of harmful messages. Companies that fear their network has been infected can call U.S. Networks at (919) 256-2626 for immediate assistance.

A technical description of the virus is as follows: MiMail.R, also known as Worm.SCO.A, W32/Mydoom@MM (McAfee), Novarg (F-Secure), W32.Novarg.A@mm (Symantec), Win32.Mydoom.A (CA) and Win32/Shimg (CA), is a polymorphic variant that collects information, SPAMs additional recipients, forges email addresses using its own SMTP engine, installs a backdoor and engages in a DDoS attack against www.sco.com by routinely sending HTTP requests.

The technology used in this virus is not significantly different from prior mass-mailing viruses such as W32/Sobig and W32/Mimail. Unsolicited email messages containing attachments are sent to unsuspecting recipients. The messages may contain a return address, a provocative envelope, or something else that encourages the receiver to open them. This technique is called social engineering. Because people are trusting and curious, social engineering is often effective.

As with other malicious code having mass-mailing capabilities, Mydoom may cause 'collateral' denial-of-service conditions in networks where either: (a) multiple systems are infected; or (b) large volumes of infected mail are received.
