Latest MyDoom may signal dreaded ‘Zero-Day’

The newest version of the MyDoom virus suggests to security experts that the much-anticipated Zero-Day attack may have already arrived.

Zero Day refers to an exploit, either a worm or a virus, that arrives on the heels of, or even before, the public announcement of a vulnerability in a computer system. This version of MyDoom appeared only two days after a security flaw in Windows IE was made public by two hackers, according to reports.

What’s different about this version of MyDoom is instead of attaching itself to an e-mail as an executable program, it appears instead as a Web link within the text of an e-mail message. Clicking on the link will direct a person’s browser to another Web site that will exploit an IFrames vulnerability in IE and thereby infect that person’s machine.

“Up until today, every worm that came out had a fix and that fix was out there for some time,” said Stuart McClure, president and CTO of Foundstone Strategic Security (a division of McAfee Inc.) in Mission Viejo, Calif.

McClure suggests it will only be a short time before a worm or virus appears exploiting an unknown vulnerability and no mechanism to fix it. The time difference between when security vulnerabilities become known and exploits are created to take advantage of those flaws has been shrinking for some time. Two years ago, that time difference was somewhere between four to six weeks.

“For the first six months of this year, (that time difference) was about 5.8 business days, and in this most recent case it was just two days,” said Alfred Huger, senior director of engineering with Symantec Corp. in Calgary. “The problem is that it is extremely difficult for a vendor to put out a patch in that short of a time.”

Carol Terentiak, security strategy and response manager with Microsoft Canada Co. in Mississauga, Ont., says this version of MyDoom suggests virus and worm writers are becoming more sophisticated, that persons are going beyond merely tweaking existing virus code and doing more sophisticated work by first prying apart and looking for problems in the systems they may want to compromise.

There was some suggestion that the release of the virus was timed to disrupt Microsoft’s monthly security bulletins. Each month, Microsoft releases a security bulletin that provides customers with information about security issues, exploits and fixes that are available. The timing of this MyDoom variant suggested to some that its author may have hoped to trip-up the bulletin by showing it to be inadequate in providing up-to-date security information and fixes to Microsoft customers.

Terentiak says she is not aware of that being the case. She adds Microsoft users who have installed Service Pack 2 for Windows XP were already at a reduced risk of having problems with this virus. Service Pack 2 comes with built-in protections against the kinds of exploits that MyDoom tries to perpetrate on a machine. Still, Microsoft is working on a separate patch for the vulnerability in IE.

Terentiak advises people who are worried to consult either www.microsoft.com/security or www.microsoft.com/protect for more information.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now