The Mydoom-A worm skyrocketed across the Internet Tuesday, but it left many security managers scratching their heads about how an e-mail-attached executable could con so many users into opening it.
Even normally vigilant users could be induced to click on the seemingly innocuous, socially engineered "text" file.
At its height Tuesday, Central Command reported more than 400,000 infected systems and said the worm accounted for one in nine e-mails.
"The name of the file looks like a text file, because it says 'txt' and is followed by 60 spaces and then one of a number of executables," said Brian Dunphy, senior manager of analysis operations for Symantec Managed Security Services. "The file name is simply too long to appear fully."
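A mail-gateway check for the naming trick Dunphy describes can be sketched as follows. This is an added example, not code from Symantec or Central Command; the extension sets, the padding threshold, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed extension sets; the article names only 'txt' and "a number of executables".
EXECUTABLE_EXTS = {"exe", "scr", "pif", "cmd", "bat", "com"}
DECOY_EXTS = {"txt", "doc", "htm", "html", "jpg", "pdf"}
MIN_PAD = 5  # assumed: a run of this many whitespace characters counts as padding

def filename_findings(name):
    """Return the reasons an attachment name looks disguised (empty list if none)."""
    stem, dot, ext = name.rpartition(".")
    ext = ext.strip().lower()
    if not dot or ext not in EXECUTABLE_EXTS:
        return []
    findings = ["executable extension ." + ext]
    if re.search(r"\s{%d,}" % MIN_PAD, stem):
        findings.append("whitespace padding before the real extension")
    _, inner_dot, inner_ext = stem.rstrip().rpartition(".")
    if inner_dot and inner_ext.lower() in DECOY_EXTS:
        findings.append("decoy extension ." + inner_ext.lower())
    return findings

def scan_message(raw):
    """Map each suspicious attachment filename in a raw message to its findings."""
    results = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        found = filename_findings(name) if name else []
        if found:
            results[name] = found
    return results

# Constructed sample: 'txt', 60 spaces, then an executable extension.
PADDED = "document.txt" + " " * 60 + ".scr"
SAMPLE = (
    "From: sender@example.test\n"
    "Subject: constructed sample\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="%s"\n'
    "\n"
    "placeholder body\n"
) % PADDED

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The check keys on the final extension rather than on what a truncated display shows, so the padded name is flagged even though a user would see only the leading "document.txt".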
Also called Novarg and Mimail-R, the randomized e-mail and P2P worm spoofs addresses and includes subject lines that suggest a previous message had errors. Clicking the e-mail attachment can release an unwelcome payload.
"The worm is very aggressive; it can install an e-mail proxy server that could be used to further infection or be used by spammers, or it can install a remote backdoor Trojan that will allow unauthorized access," said Steven Sundermeier, VP of products and services at Central Command.
Was your organization infected or impacted in some other way? Please send us your stories at SWPcomments@infosecuritymag.com. We will honor requests for anonymity.