New High Risk Virus Flooding Inboxes

A new mass-mailing virus called MyDoom flooding users e-mail boxes is the subject of serious concern among solution providers.

The worm appears to be taking advantage of one of the more recent trends in the malicious code world, randomized e-mail virus that include a ZIP attachment to bypass traditional gateway filters, said Ken Dunham, director of malicious code at Velocitus, Boise, Idaho.

"This [virus] is taking off like a rocket, with well over 20,000 interceptions in just two hours of it being discovered" he said.

If this infected email attachment is open, the virus automatically scours the user's contacts and files. Based on the information gathered, it rapidly sends infected e-mails out to other users, said one solution provider.

"We have gotten several calls from customers so far about the [virus]," said Vartan Ouzounian, chief operating officer of Secure Content Solutions, Santa Ana, Calif. "It's pretty nasty and spreads fast."

The subject line of the infected e-mail is not consistent and may say 'message undeliverable', 'hi', or 'test', among other subject lines. The same holds for the attachment name which varies from readme.zip, message.zip, and DELETDO.TXT, also among others. An adjoining message above the attachment typically says 'the message contains Unicode characters and has been sent as a binary attachment, or 'mail attachment failed. Partial message is available.'"

This should not be confused with Dumaru, a medium risk mass mailed virus identified today by Network Associates.