Rediff.com

MyDoom's back! Here's how to avoid it

Last updated on: July 27, 2004 18:48 IST

For some folk who logged on to Google on Monday morning, there were no answers to the queries typed in. The search engine -- along with others like Yahoo, AltaVista and Lycos -- was unable to provide results to a number of surfers, thanks to what is now referred to in hushed tones as MyDoom.

In a move surprisingly reminiscent of Hollywood sequels about superheroes, the notorious worm has come back from the dead in the form of variants called, variously, 'MyDoom.N', 'MyDoom.M' or 'MyDoom.O'.

Since it was detected, MyDoom.O has staged denial-of-service attacks against major search engines, slowing access to a number of them. It uses these engines on infected computers to look for more e-mail addresses in order to keep replicating itself.

The sheer volume of such traffic effectively amounts to a denial-of-service attack. The worm also spreads through file-sharing networks like Kazaa, and through infected e-mail attachments, which it sends with the help of an inbuilt SMTP (Simple Mail Transfer Protocol) engine.

It 'harvests' e-mail IDs from infected computers and mails itself to them. Infection also opens a backdoor on the machine, allowing hackers access. Once this happens, credit card info, banking passwords and just about anything else you consider sacred is no longer safe.

MyDoom.O infects a computer when an e-mail carrying the worm is opened. It can carry the name of a colleague or friend, and may also ask users to download programs to fix a problem. The scariest bit: Experts believe the capabilities of worms can only be expected to increase.

Now, based on what Computer Associates calls "extremely intensive activity levels and exponential growth," the threat level for MyDoom.O has been raised to 'high'.

What this means is, if you have just been sent unsolicited e-mail with subject lines like 'hello', 'error', 'status', 'Message could not be delivered', 'Delivery reports about your e-mail' or 'Returned mail: Data format error', opening these may not be the brightest of ideas. You've been warned.
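As an added example (not code from the article or from any vendor named in it), here is a small mail-gateway triage script that applies the advice above: it parses a message, matches the Subject against the lure list quoted in this article, and quarantines only when a risky attachment is also present, since a subject line alone is weak evidence. The attachment extensions and the two sample messages are constructed assumptions; the article names no file types.

```python
# Added example (not from the article or any vendor): gateway triage for the
# MyDoom.O lures above. A message is quarantined when the Subject matches one
# of the quoted lures AND it carries an attachment of a risky type.
from email import message_from_string
from email.message import Message

# Subject lines quoted in the article, compared case-insensitively.
MYDOOM_SUBJECTS = {
    "hello", "error", "status", "message could not be delivered",
    "delivery reports about your e-mail", "returned mail: data format error",
}
# Assumption: attachment types worth blocking; the article names none.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".cmd", ".bat", ".zip")


def attachment_names(msg: Message) -> list:
    """Filenames of every MIME part marked as an attachment."""
    return [p.get_filename() for p in msg.walk()
            if p.get_content_disposition() == "attachment" and p.get_filename()]


def triage(raw: str) -> dict:
    """Parse one raw RFC 822 message and decide whether to quarantine it."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    risky = [n for n in attachment_names(msg) if n.lower().endswith(RISKY_EXTENSIONS)]
    lure = subject in MYDOOM_SUBJECTS
    return {"subject": subject, "lure": lure, "risky_attachments": risky,
            "quarantine": lure and bool(risky)}


# Constructed sample messages (not real captures).
SAMPLE_WORM = """\
From: colleague@example.com
Subject: Returned mail: Data format error
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: application/octet-stream; name="message.zip"
Content-Disposition: attachment; filename="message.zip"

UEsDBBQAAAAIAA==
--B1--
"""
SAMPLE_BENIGN = "From: friend@example.com\nSubject: hello\n\nLunch tomorrow?\n"
```

Running `triage(SAMPLE_WORM)` returns `quarantine` True, while the benign "hello" note matches a lure but has no attachment and passes.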

How to avoid MyDoom

Here is some basic care you must take to keep your computer safe.

Get help

Symantec Security Response (http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html)

McAfee Virus Profile (http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127033)

Netcorp protection, detection and removal (http://www.thenetcorp.com/resources.cfm)

Nandakumar Pai, CTO, MicroWorld Software Services Pvt Ltd says: "W32.Mydoom.O@mm is a mass-mailing worm that installs an e-mail sending programme (an SMTP engine) in the infected system and mails itself. The worm listens for Internet messages. It also queries search engines to harvest additional e-mail addresses for possible distribution. The worm also allows unauthorised remote access to the computer via a network."

Pai rates this as a high-risk worm.

In order to remove the worm, users are advised to download the free MicroWorld Anti Virus Toolkit (MWAV Tool Kit), which is available on the company's Web site, www.msspl.co.in.

The tool checks your machine for viruses and removes them. It cleans the registry and other system areas that can be damaged by viruses, and it also checks the system processes running in the background. If any illegal dialers or sniffer tools have been installed, they are detected and removed.

Agencies