The MyDoom virus may be spreading like wildfire across e-mail networks but propagation via the latest Kazza file-sharing program is unlikely due to built-in anti-virus technology, says a company official.
MyDoom is presently distributing more e-mails than the notorious SoBig worm. Anti-virus vendor Central Command claims that 1 in 9 e-mails contains the MyDoom virus, while managed e-mail provider MessageLabs puts the figure at 1 in 12. MyDoom also copies itself to the Kazaa download directory on a computer which has the file-sharing program loaded, using one of seven file names: Winamp5, icq2004-final, Activation_Crack, Strip-gril-2.0bdcom_patches, RootkitXP, Officecrack and Nuke2004.
However, the latest versions of Kazaa include an antivirus program called BullGuard which is set to run by default. "It regularly checks for updated virus definitions," Phil Morle, director of technology, Sharman Networks told ZDNet Australia . "It periodically scans users' shared files and checks files as they are downloaded."
"We distribute the virus definitions via peer-to-peer, which allows us to give it to the users at no cost," said Morle. During one virus outbreak 10 Terabytes of anti-virus definitions were distributed over the p2p network in a week, according to Morle. "It's extremely efficient, so the users got it very fast," he said.
Sharman Networks recommends running a full anti-virus program to protect against viruses distributed via e-mail as BullGuard does not scan e-mails for viruses and will not disinfect users' computer.