 |
January 27, 2004 9:52 am PST
As of 11 am, EST today, the performance for home
page downloads of the top U.S. business Web sites began
to lag once again most likely due to the effects of
the MyDoom worm. Compared to a typical download time
of 2.7 seconds over the previous week, sites on the
Keynote Business 40 Internet Performance Index (an
excellent barometer for overall Internet health), showed
delays of up to 3.8 to 3.9 seconds in downloading the
home page. While not as high as Jan. 26 (the predominant
day of the worm attack), these numbers will continue
to be tracked until performance stabalizes. Availability
of these sites continued to be in the range of 91 to
92 percent.
The worm currently propagating around the Internet
(called by various names including MyDoom and Novarg)
is a social-engineering worm. It pretends to be an
error message returned from someone the recipient knows,
with the intention of inducing the recipient to open
the attachment. If the recipient is fooled into opening
the attachment, several things occur:
- A forged error message, with the worm attached,
is sent to everyone in the recipients address book.
In
addition, if the recipient has the KaZaa filesharing
system installed, the worm will attempt to propagate
itself through this mechanism as well.
- A backdoor
is installed on the recipient's computer, allowing
a remote hacker full control over the computer.
This is probably the main purpose of this worm,
as it will allow spammers to route their email through
any infected machine.
- A timebomb is installed that
will use the recipient's computer to launch an
Distributed Denial of Service
attack on www.sco.com,
starting on February 1, 2004, and ending on February
12, 2004.
Current versions of all anti-virus programs will protect
users against this worm.
As always, users are advised to be careful about opening
attachments from anyone, unless you are specifically
expecting one.
Please email or call me if you would like an interview.
Dan
|
|
