The Mydoom.A worm is causing one of the biggest
epidemics in computing history. Latest statistics indicate that one in every
twelve e-mails in circulation is carrying this malicious code. This figure
significantly exceeds that reached by Sobig.F (1 in every 17) last summer
and which, up until yesterday, was considered the fastest spreading virus
ever.
According to data collected by Panda Software's online antivirus, Panda
ActiveScan, Mydoom.A has infected six times more computers than Bugbear.B,
the second virus most frequently detected.
Similarly, it has been estimated that 300,000 computers worldwide, including
thousands of companies, have been infected by Mydoom.A.
Mydoom.A is designed to attack and saturate networks of any size. It also
creates a backdoor in the infected computers which could allow hackers to
steal or compromise key corporate data. Furthermore, according to the latest
data obtained by PandaLabs, this backdoor also allows a file to be dropped
on the affected computer, which when run, allows attacker to access network
resources.
Even if antivirus solutions are working correctly, blocking and cleaning
e-mail carrying Mydoom.A, it is recommendable to take other measures to
avoid the effects of this worm, as Mydoom.A can get into computer through
many different means, such as web mail downloaded directly to the mail
clients on workstations or laptops computers that sporadically connect to
the network and could be infected.
If this happens, the worm will be installed on the network, compromising
network security.
This is where firewall protection comes into play, as it controls
communication ports and prevents suspicious data from entering or leaving
the computer, and therefore, the use of the backdoor that Mydoom.A creates
on computers.
What's more, if the rest of the workstations do not have adequate antivirus
protection installed, the worm will spread rapidly across the network,
bringing it to a standstill, no matter how well protected the mail server
may be.
For this reason, Panda Software recommends network administrators to check
the following:
- Make sure that the antivirus protection in all the workstations and
servers across the company, and on mail servers in particular, is updated
and running.
- Supervise non-networked computers, such as laptops, which could connect to
the network.
- Make sure that the antivirus protection installed on servers and mail
servers is correctly configured. To protect against Mydoom.A, a good policy
to put in place is to delete any file with a .pif, .scr, .exe, .cmd or .bat
extensions, as well as any other file with a double extension. Similarly,
.zip files must be scanned and any zip files that contain executable files
should be deleted. These measures will vary depending on the needs of each
company, and therefore should be implemented with care and in line with the
corporate security policy.
- Monitor the firewall activity, and particularly ports 3127 to 3198, which
are those used by Mydoom.A to carry out its actions.
- Immediately disconnect from the network any computer suspected of being
infected by this worm and disinfect it. You can do this using the PQremove
utility that Panda Software offers all users free of charge at
http://www.pandasoftware.com/download/utilities
- Carry out a full scan of any computer that could have used an uncontrolled
wireless connection.
- Prevent users from downloading messages received through web mail to their
computers.
Panda Software has already made the updates to its products available to its
clients to ensure their solutions can detect and eliminate Mydoom.A. Even
though Panda Software's products can be automatically updated every day,
those whose software is not configured to update automatically, should
update their solutions from
http://www.pandasoftware.com/.
Panda Software also offers users its free, online tool Antivirus Checker,
which will inform you of the protection status of your computer. This tool
specifies whether an antivirus is installed, which one and if it is updated,
and therefore keeping the computer safe from viruses. Antivirus Checker is
available at:
http://www.pandasoftware.com/protected
Users can also detect this and other malicious code using the free, online
antivirus, Panda ActiveScan, which is available on the company's website at
http://www.pandasoftware.com/.
More detailed information on Mydoom.A is available from Panda Software's
Virus Encyclopedia, at
http://www.pandasoftware.com/virus_info/encyclopedia/.
