Latest MyDoom variant revisits Google

Summary:The latest version of the MyDoom worm has again come knocking on the doors of major search engines in an attempt to find more unsuspecting victims.

The latest version of the MyDoom worm has again come knocking on the doors of major search engines in an attempt to find more unsuspecting victims.

According to various security software firms, the new worm, labeled by McAfee, spreads by sending copies of itself using its own SMTP engine and harvesting potential e-mail addresses from sites like Google and Yahoo. It was quickly making its rounds around the world Thursday, with McAfee receiving about 50 infection reports to date from users in the United States, Australia and the United Kingdom.

In August 2004, another MyDoom variant pumped so many queries into Google that the search engine was crippled for extended periods of time. The same worm also succeeded in knocking a number of smaller search engines such as Lycos and Altavista, off the Web completely.

Antivirus firm Sophos said the new variant searches an infected computer's hard drives for e-mail addresses and then uses Internet search engines to unravel more e-mails with common domain names.

The worm "will send a query to the search engine using domain names from e-mail addresses found on the hard disk and then examine the query results, searching for more addresses", Sophos said in an advisory.

Sean Richmond, senior technical consultant at Sophos in Australia and New Zealand, said that the latest variant was first detected early this morning and as long as people have updated their virus definitions, it shouldn’t cause much of a problem.

"We saw a spate of samples come through over the last day into our lab. By now a lot of companies are already blocking dodgy zip files and quite a few of the infected e-mails are automatically blocked as spam. It is spreading but everyone (including rival antivirus companies) are on top of things," said Richmond.

Sophos said the worm will send 45 percent of its queries to Google, 22.5 percent to Lycos, 20 percent to Yahoo and 12.5 percent to Altavista.

ZDNet Australia's Munir Kotadia reported from Sydney.

Topics: Security


Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.