Super Bowl week spells doom for security

Why do major virus outbreaks seem to accompany Super Bowl Weekend? Following in the tradition of last year's Slammer attack, Mydoom-A flooded inboxes right before the big weekend.

In what is becoming a Super Bowl tradition, another mass-mailing worm this week raced through computers worldwide, thanks to clever social engineering and a Linux lover with a cause.

The velocity of the Mydoom-A worm outbreak, which surfaced Monday afternoon and by Tuesday morning had begun racking up superlatives within the worm world, is reminiscent of Slammer, malware that hit just before the Super Bowl last year and knocked out networks all over the country.

Also dubbed Novarg and Mimail-R by different antivirus vendors, the randomized e-mail and P2P worm, which copies itself in the KaZaA shared directory, spoofs addresses and includes subject lines that are either blank or "HELLO" and body text that suggests a previous message had errors. Clicking the e-mail attachment -- which includes,,, among other variations -- loads Notepad.exe and displays randomized characters on the screen, according to security vendor iDEFENSE.

"Mydoom is taking advantage of one of the most recent trends in the malicious code world, randomized e-mail worms that include a ZIP attachment to bypass traditional gateway filters," said iDEFENSE director of malicious code Ken Dunham in a statement. Because Mydoom's payload includes launching denial-of-service attacks against The SCO Group's Web site, antivirus experts believe the group's legal challenge of Linux code as proprietary motivated the authors.

"It appears to be a Linux advocate attacking the SCO Web site," explained Darwin Ammala, a security engineer with Harris Corp.'s STAT network security unit. "SCO can block the attack and probably won't be hurt as badly as the attacker would like."

Mydoom's success comes in part from end users' gullibility in opening attachments without seriously considering the source. Experts, however, agree that Mydoom's cleverly crafted message and file names make the malicious code more difficult to detect.

By Tuesday morning, e-mail managed security service provider MessageLabs was processing up to 60,000 copies of the worm an hour for its worldwide customers. Mydoom-A "has exceeded the infamous Sobig-F virus in terms of copies intercepted, and the number continues to rise," according to a company statement.

Postini, the fourth-largest e-mail processor in the U.S., quarantined 8 million copies in a 24-hour period.

Experts recommend updating antivirus signatures and training users to be more vigilant about opening e-mail attachments -- even those that appear to be text files.

1 comment

Hm, I have never heard of this before. Does this still happen even today?