In a press release, SCO president and CEO Darl McBride said his company has been the target of several DDOS attacks during the past ten months. “This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world. The perpetrator of this virus is attacking SCO, but hurting many others at the same time. We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped. To this end, SCO is offering a total of $250,000 reward for information leading to the arrest and conviction of those responsible for this crime.”
While SCO is practicing tough love, Panda Software, a leader in antivirus solutions, is offering a free one-year copy of Platinum 7AV and firewall (http://www.pandasecurity.com/echannel/) to qualified IT professionals to combat Mydoom.A. In addition to incorporating a DDOS attack on SCO, the worm is gunning to become the biggest epidemic in the history of computing, according to a statement released Tuesday by the Glendale, CA-based firm.
Mydoom.A arrives in an e-mail message with an attached file. As in other recent virus epidemics, social engineering techniques trick the user into thinking they are supposed to open the file. The virus not only infects the computer that received the e-mail but also mails itself to all the contacts found in the address book. The worm searches for e-mail addresses in files on the computer with the extensions: .htm, .sht, .php, .asp, .dbx, .tbb, .adb, .pl, .wab, .txt. It uses its own SMTP engine to send itself by e-mail.
The message content changes, and may be composed of the following:
Subject: test; hi; hello; Mail Delivery System; Mail Transaction Failed; Server Report; Status; Error;
Body: Mail Transaction Failed. Partial message is available; The message contains Unicode characters and has been sent as a binary attachment. The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Attached file name: document; readme; doc; text; file; data; test; message; body; with one of the file extensions: .pif; .scr; .exe; .cmd; .bat; .zip.
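A mail-gateway style check built from the subject lines, attachment names and extensions listed above. This is an added example, not code from Panda or from the original article; the function names, verdict labels and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators as listed in the article, compared case-insensitively.
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
ATTACH_NAMES = {"document", "readme", "doc", "text", "file", "data",
                "test", "message", "body"}
ATTACH_EXTS = {".pif", ".scr", ".exe", ".cmd", ".bat", ".zip"}

def attachment_hits(msg):
    """Return attachment filenames whose base name AND extension are both listed."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        p = PurePosixPath(name.strip().lower())
        if p.stem in ATTACH_NAMES and p.suffix in ATTACH_EXTS:
            hits.append(name)
    return hits

def classify(raw):
    """Return (verdict, matching_files) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    subject_hit = (msg.get("Subject") or "").strip().lower() in SUBJECTS
    files = attachment_hits(msg)
    if files and subject_hit:
        return "quarantine", files   # both indicator groups agree
    if files:
        return "review", files       # attachment pattern alone
    return "pass", files             # subjects like "hi" are too common on their own

def sample(subject, filename=None):
    """Build a constructed test message (harmless placeholder payload)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Mail Transaction Failed. Partial message is available.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, fn in [("Mail Transaction Failed", "document.zip"),
                     ("Q3 budget", "README.SCR"), ("hello", "report.pdf")]:
        print(subj, fn, classify(sample(subj, fn)))
```

Subject matches alone are deliberately not flagged, since "hi" or "test" appear constantly in legitimate mail; the attachment name and extension pair is the stronger signal.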
Once the virus has infected the computer, it searches for the peer-to-peer file-sharing network KaZaa. If KaZaa is detected, a file is copied to the shared folder, allowing the worm to spread via this peer-to-peer system. The filename may be one of the following: winamp5; icq2004-final; activation_crack; strip-girl-2.0bdcom_patches; rootkitXP; office_crack; nuke2004, with a .PIF, .SCR or .BAT extension.
In addition, it opens TCP port 3127 on the infected computer, allowing remote control of the computer. This means any malicious hacker may gain access and steal, modify or destroy any kind of information stored on the computer.
Panda’s free online tool, Antivirus Checker, reports whether an antivirus is installed, which one it is and whether it is up to date, and therefore whether it is keeping the computer safe from viruses. Antivirus Checker is available at: http://www.pandasoftware.com/protected. Users can also detect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is available on the company’s website at http://www.pandasoftware.com/.