By Tuesday, Mydoom-A had infected one out of every 41 e-mail messages. And so far, the U.K.-based e-mail monitoring service MessageLabs said that it alone has blocked 7.4 million copies of Mydoom-A.
The worm attempted to harvest e-mail addresses from unsuspecting accounts and aimed to launch a denial-of-service attack against the Web site of SCO Group, the software company that has filed lawsuits against IBM and Novell over their alleged use of System V Unix code on behalf of the open source community.
On Wednesday, the related Mydoom-B strain spread with similar, but less damaging, results. It attempted the same shenanigans as its predecessor, but it also targeted Microsoft's main Web site. Both worms tried to prevent users from accessing antivirus features.
SearchSecurity.com, a sister site to SearchWin2000.com, has been all over this story. Among the many articles it produced about Mydoom is one that offers network administrators and others responsible for security some best practices to prevent further infection. Fittingly, it is called "Best practices for cleaning up Mydoom mess."
Also this week, a variant of the Dumaru worm surfaced. While not as pervasive as either version of Mydoom, this worm opens a pair of back doors and logs keystrokes before mailing them to the worm writer. The worm affects Windows Server 2003 and Windows 2000, NT, XP, 98, 95 and ME systems.
U.S. joins security alert business
Security alert services can't prevent worms and viruses, but they can help slow the spread of malicious code. This week, the federal government added to the list of such services, most of which are offered by the private sector. The Department of Homeland Security's new National Cybersecurity Alert System is a subscription-based e-mail service that will provide security alerts both to technical professionals and to end users.
Believe it or not, there was other news besides worms this week. At a conference in Prague, Bill Gates -- who also scored an honorary knighthood from the British monarchy during his European swing -- said that Microsoft will devote a larger portion of its $6.8 billion research and development budget to making his company's software more secure and reliable. Exactly how many R&D dollars Microsoft plans to spend on security was a question Gates left unanswered.
Answering questions about Microsoft wasn't a problem for a group of 600 IT buyers from small and midsized businesses, a group that Redmond has been actively courting with its Small Business Server. This week, the Yankee Group released the results of a survey in which nearly three quarters of those responding said that they were actively looking to other vendors to help them diversify their software portfolios. Many expressed concern about investing too heavily in the products of one vendor.
And finally, Microsoft has announced a late-June release for the first service pack for Office 2003. For some customers, the first service pack is more eagerly anticipated than the initial release of the product because they know that, with the service pack, most of the kinks will be worked out.
FOR MORE INFORMATION:
National cybersecurity alert system launched