- home
- reviews
- news
- downloads
- cnet tv
On MovieTome: See the TRAILER for TERMINATOR 4!
- log in
- join CNET
- welcome,
- my profile
- log out

January 26, 2004 5:58 PM PST

New virus infects PCs, whacks SCO

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: New Mimail mixes tricks for PayPal scam
January 16, 2004; Seeds of destruction
January 15, 2004; SCO attacks keep coming back
December 15, 2003; A 20-year plague
November 25, 2003; Microsoft bounty to disrupt virus writers?
November 5, 2003; Experts: Sixth son of Sobig not the last
August 25, 2003

A mass-mailing virus that quickly spread through the Internet on Monday planted a file that will instruct infected computers to attack the SCO Group's Web server with a flood of data on Feb. 1.

The virus--known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies--arrives in an in-box with one of several different random subject lines, such as "Mail Delivery System," "Test" or "Mail Transaction Failed." The body of the e-mail contains an executable file and a statement such as: "The message contains Unicode characters and has been sent as a binary attachment."



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

"It's huge," said Vincent Gullotto, vice president of security software maker Network Associates' antivirus emergency response team. "We have it as a high-risk outbreak."

In one hour, Network Associates itself received 19,500 e-mails bearing the virus from 3,400 unique Internet addresses, Gullotto said. One large telecommunications company has already shut down its e-mail gateway to stop the virus.

Once the virus infects a Windows-running PC, it installs a program that allows the computer to be controlled remotely. The program primes the PC to send data to the SCO Group's Web server, starting Feb. 1, a virus researcher said on the condition of anonymity.

The SCO Group has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

Latest computer virus runs rampant in a high-risk outbreak

The company's Web site was slow to load on Monday afternoon, a SCO spokesperson acknowledged, but the site was still accessible from the World Wide Web.

SCO's Web site was taken offline by denial-of-service attacks a handful of times in the last year, none of which had been initiated by a virus. In the past, the company has blamed Linux sympathizers for at least one of the attacks.

Antivirus companies were scrambling on Monday afternoon to learn more about the virus, which started spreading at about noon PST. The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.

"A lot of the information is encrypted, so we have to decrypt it," said Sharon Ruckman, a senior director of antivirus software maker Symantec's security response center. Symantec has had about 40 reports of the virus in the first hour, a high rate of submission, Ruckman said.



		Special report 20-year plague From the first experiments to today's epidemics, computer viruses have come a long way.

The virus installs a Windows program that opens up a "back door" in the system, allowing an attacker to upload additional programs onto the compromised device. The back door also enables an intruder to route his connection through the infected computer to hide the source of an attack.

The virus also copies itself to the Kazaa download directory on PCs, on which the file-sharing program is loaded. The virus camouflages itself, using one of seven file names, including Winamp5, RootkitXP, Officecrack and Nuke2004. Variations in the body text include: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."

Early data indicated an epidemic several times the size of the Sobig.F virus, which caused widespread infections last summer, said Scott Petry, a vice president of engineering at e-mail service provider Postini.



		Reader resources MyDoom prevention and cure CNET Reviews

"At its current run rate, we will trap almost 8 million in a day," Petry said. The company quarantined only 1,400 copies of Sobig.F in its first day and 3.5 million copies of the virus during that epidemic's peak 24-hour period.

Mail systems that remove executable files from e-mails can stop the program from spreading.

See more CNET content tagged:
SCO Group Inc., virus, Networks Associates Technology Inc., computer virus, antivirus

Add a Comment (Log in or register) 2 comments

Win32.Nuvens.AK (NEW VIRUS)
by ww2vet54 September 28, 2006 9:44 PM PDT: Yesterday I was working on line and I decided to run a VScan. I use Zone 2006 Suite. So I take a break and come back after the scan. I see New! igh Risk! Can Not Be Cleaned! New! Unknown!...
(Win32.Nuvens.AK ) so it is identified. So I hop on line to search it out. "NOTHING" Anyware. No Mcafee or Norton Stinger, Nothing at PC Cillin (Trend), Nothing ay AVG or Bit Defender sites...
I figure maybee a false alarm, so I uninstall my zone and load up PC Cillin. Run the scan and Bingo. It also flags tiis creature. No, not a false alarm. I emiedatly back up my files and spens hours doing a manual search 1 kernal at a time, Nothing! The PC starts to slow. I try a re-boot in safe mode to do a restore. The restore will not complete. Luckily I have a back up hard drive so I switch out and I'm o.k. I thought I would provide this info so the pros could get at it. I,m wondering if this is the same one I soe bloged here?; Reply to this comment

Marketing HiJack (Virus)
by Jack Moran October 4, 2006 9:17 AM PDT: I recently went to a legitimate webpage only to find that it had been hacked, and a "virus" was dumped on me.

The webpage downloaded a bunch of crap to my system that causes my browser to redirect based on certain key words in the webpage I am loading (my guess). It also pops up a marketing message and suggestions that I go to a page called www.dxcdirect.com

I cannot find an antivirus software to counter this or that will even find the culprit routines!

Any suggestions?; Reply to this comment

Latest tech news headlines

If the economy tanks, will subscriptions become a panacea?
Posted in Coop's Corner by Charles Cooper

October 7, 2008 8:58 AM PDT
At CERN, computers to tackle the Big Bang
Posted in News - Cutting Edge by Nick Heath

October 7, 2008 8:56 AM PDT
Kleiner Perkins backs smart-grid firm Silver Spring
Posted in Green Tech by Martin LaMonica

October 7, 2008 8:11 AM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Cutting Edge
At CERN, computers to tackle the Big Bang
Scientists hope the Large Hadron Collider will offer clues to the origin of the universe. They'll get some help from a well-stocked data center.
Gallery
Photos: Top 10 reviews of the week
The Open Road
Open source does not mean 'open to pilfer trademarks,' suggests Google
Some want Google to give away its trademarks. This is silly and wrong.
Coop's Corner
If the economy tanks, will subscriptions become a panacea?
Zuora debuts online payment service with PayPal connection, the second product from a startup focused on the software-as-a-service business.
Video
DIY political ads proliferate
News - Wireless
VeriSign sells Jamba stake to News Corp.
The domain registrar sells its 49 percent share of the mobile-entertainment joint venture to its partner, News Corp., for $200 million. Ringtones sound good to Murdoch's media empire.
Video
Nintendo DS-i: The wait begins
News - Wireless
Verizon loses patent suit against Cox
A federal jury in Virginia rules that cable provider Cox Communications did not infringe on Verizon Communications' patents related to Internet telephony.
Crave
Palin, Biden bots stage showdown of their own
Student-made punching bots duke it out on the Washington University campus as the vice presidential candidates ready for the big debate inside.
Gallery
Photos: Nintendo showcases new DS-i, Wii games
Webware
PayPal competitor unveils details on eBay services
ProPay, a PayPal competitor will try its luck on eBay by the end of October.
Green Tech
Kleiner Perkins backs smart-grid firm Silver Spring
Venture capital firm digs into its Green Growth fund to lead a $75 million investment in a company that uses Internet Protocol-enabled devices to improve grid reliability.