Firms warn of new Mydoom worm
McAfee says new e-mail worm spreads via Web links; Microsoft looks into the threat it poses.
November 9, 2004: 12:09 PM EST
NEW YORK (CNN/Money) - Anti-virus software maker McAfee Inc. is warning about a new version of the Mydoom worm that infects computers of people who click on a link in e-mail they receive.
The new version is a mass-mailing worm that does not contain an attachment, as some earlier versions of the worm program have done.
A worm is a self-replicating computer program that -- like a computer virus -- can cause damage to a computer's software by attaching itself to programs.
The vulnerability was discovered and made public by two hackers with aliases "ned" and "SkyLined" on Friday, and only four days later a worm exploiting the weakness was developed and set loose, several virus-trackers reported.
Some anti-virus companies said the new worm was different from Mydoom because it spreads via Web links and not e-mail attachments.
Microsoft, the maker of Explorer, the dominant Internet browser, was expected to issue its monthly batch of security patches later Tuesday, but the software maker could not immediately say if a patch for the new worm would be part of it.
But Microsoft said consumers who had installed Service Pack 2 for Windows XP were at a reduced risk. Microsoft said the worm is a variant of Mydoom and that it is investigating the threat the worm poses.
Some of the e-mail transmissions appear to be from PayPal, the online payment system that is part of eBay Inc. The text of the e-mail includes the following:
"Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days.
"To see details please click this link."
The program also harvests addresses from local files and then uses the harvested addresses in the "from" field to send itself. Some of those e-mail messages contain the following:
"Hi! I am looking for new friends.
"My name is Jane, I am from Miami, FL.
"See my homepage with my weblog and last webcam photos! See you!"
McAfee said so far it has received about 100 reports of the virus being stopped or infecting users. It raised its risk assessment on the new Mydoom virus to medium.