MyDoom (was: Test)

bscott at ntisys.com
Mon Feb 2 10:33:50 EST 2004


> On Sun, 2004-02-01 at 16:06, jabr at blu.org wrote:
> > Mail transaction failed. Partial message is available.

On Sun, 1 Feb 2004, at 11:04pm, jeff.macdonald at virtualbuilder.com wrote:
> Is this the MyDoom worm/virus?

  Yup.

  It is worth pointing out that, like most such malware, the MyDoom worm
forges the "From" address.  Whatever address is given in the "From:"  line
is almost certainly not the address of whoever owns the computer that is
actually compromised.  Thus, sending auto-responses to malware messages is
especially frowned upon.

  It is also worth pointing out that MyDoom is a trivial worm.  It does not
exploit any software flaws or require any special privileges.  It depends on
the user to extract and run the program, and all the attachment does is
harvest email addresses and mail itself to those addresses.

  The reason this is significant is that there is absolutely no technical
reason that this worm could not exist in the Macintosh or Unix worlds.  A
simple Bourne shell script would likely suffice.  This is not a technology
problem, but an education problem.  As long as people are in the habit of
blindly believing whatever is emailed to them, this problem will exist.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
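
The point above about auto-responses, as an added example that is not part of the original message: a check a mail filter could run before sending any virus notice or vacation reply. The `malware_verdict` flag is assumed to come from a scanner, the sample messages and addresses are constructed, and the header checks follow RFC 3834.

```python
from email import message_from_string

# Constructed samples. WORM imitates the forged-sender message quoted in the
# thread; the others are ordinary mail, a bounce, and list traffic.
WORM = (
    "Return-Path: <someone@example.org>\n"
    "From: someone@example.org\n"
    "Subject: Mail transaction failed. Partial message is available.\n"
    "\n"
    "See attachment.\n"
)
NORMAL = "Return-Path: <friend@example.org>\nFrom: friend@example.org\n\nHi\n"
BOUNCE = "Return-Path: <>\nFrom: mailer-daemon@example.org\n\nUndeliverable\n"
LIST = "Return-Path: <l@example.org>\nFrom: l@example.org\nPrecedence: list\n\nx\n"


def auto_response_decision(raw, malware_verdict):
    """Return (send, reason) for an automatic reply to one inbound message.

    malware_verdict is an assumed boolean supplied by a separate scanner.
    """
    msg = message_from_string(raw)

    # The From line on worm mail is forged, so any notice would land on an
    # uninvolved third party. Quarantine silently instead of replying.
    if malware_verdict:
        return False, "malware: sender address is not trustworthy"

    # A null return path marks a bounce; replying to it risks a mail loop.
    if msg.get("Return-Path", "").strip() == "<>":
        return False, "null return path (bounce)"

    # RFC 3834: never answer a message that is itself automatic.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "already an automatic message"

    # Bulk and list traffic should not trigger personal auto-replies.
    if msg.get("Precedence", "").strip().lower() in {"bulk", "list", "junk"}:
        return False, "bulk or list mail"

    return True, "ok"
```
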





More information about the gnhlug-discuss mailing list