Comments on the "MyDoom" worm

 

A new virus or worm is currently being circulated via email. Opening an email containing this worm will not infect your computer; opening the attachment sent with the email will. This attachment usually has a .ZIP, .EXE, or .SCR file name extension.

 

What is of particular interest with this worm is the email routine it uses. Once a computer is infected, the worm searches the computer for an address book with email addresses. It adds these addresses to what we’ll call the address “pool”. It also searches your Temporary Internet Files folder and retrieves domain names (e.g. “microsoft.com”). The worm then adds names from a list of common email names (joe, sam, robert, etc.) in front of the domain names. These addresses are also added to the address “pool”. With this combination the worm begins its email process. It sends copies of itself to names randomly selected from the address book, but to disguise the identity of the infected computer it also selects random names from the “pool” to use as the From address. This process is known as “spoofing”. As a result, a recipient of the worm may not know the person whose name appears in the From field. Here’s an example:

 

Let’s say that my computer has the worm. It searches my address book and finds that I send email to sam@sam.com; it also finds bob@bob.com and that I’ve been to www.ebay.com. It then begins sending copies of itself. The first goes to sam@sam.com and appears to be from pete@ebay.com. The next goes to bob@bob.com and appears to be from sam@sam.com.

 

Nowhere in the example does my email address show up. As the virus gets detected, messages get sent to or returned to the “spoofed” senders, causing them to believe they have the worm. This causes large amounts of wasted time searching for copies of the worm that might not exist.

 

There are two keys to limiting the infection caused by this worm. First, run antivirus software and keep the pattern file up to date. Second, make it a practice NOT to open email attachments that you are not expecting, especially if you don’t know the sender.
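
The second precaution can be written as a mail-triage rule that accounts for the spoofing described above: a familiar From address never clears a message that carries one of the listed attachment types. This Python code is an added example, not part of the original advisory; the function names, the "deliver"/"hold"/"quarantine" labels, the attachment file names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment extensions the advisory names for this worm.
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")

def build_sample(sender, recipient, filename=None):
    """Build a constructed test message, optionally with a dummy attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "hello"
    msg.set_content("see attached")
    if filename:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=filename)
    return msg.as_string()

def risky_attachments(msg):
    """Return the filenames of attachments with a risky extension."""
    names = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            names.append(filename)
    return names

def triage(raw_message, known_senders):
    """Classify a raw message as 'deliver', 'hold' or 'quarantine'.

    A known From address only lowers the rating to 'hold', never to
    'deliver', because the worm forges From with harvested addresses.
    """
    msg = message_from_string(raw_message)
    if not risky_attachments(msg):
        return "deliver"
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return "hold" if sender in known_senders else "quarantine"

if __name__ == "__main__":
    # Bob's address book contains sam@sam.com, as in the example above.
    book = {"sam@sam.com"}
    print(triage(build_sample("sam@sam.com", "bob@bob.com", "message.zip"), book))
    print(triage(build_sample("pete@ebay.com", "bob@bob.com", "document.scr"), book))
    print(triage(build_sample("sam@sam.com", "bob@bob.com"), book))
```

A message rated "hold" is one to confirm with the apparent sender through another channel before the attachment is opened.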