Russia likely origin of Mydoom worm

Russia is 80-percent likely to be the origin of the Mydoom computer worm, which has become the worst ever Internet epidemic.

    The worm could be an attempt to distribute spam mail

    A top Russian anti-virus firm said on Friday it had traced the first emails infected with Mydoom to addresses with Russian internet providers and it adds, the worm could be an attempt to distribute spam mail.

    "We have special software to monitor Internet traffic across the world. This detected that the first emails infected by the worm came from Russian providers," Denis Zenkin, spokesman for the Russian security firm Kaspersky Labs told AFP

    "But there is a still a 20-percent chance that this was an attempt to mislead. Virus programmers from other countries could have registered an email address in Russia and transmitted their harmful programmes via it," he said.

    Microsoft and SCO, the owner of the Unix operating system, have together offered $500,000 in rewards for information leading to the arrest and prosecution of Mydoom's creators.

    "This worm is a criminal attack," said Brad Smith, senior vice president and general counsel at the Microsoft software giant.

    Variant of version A

    MyDoom.B, detected on Wednesday, is a variant of the earlier released MyDoom.A worm, also known as the Novarg worm, which became the worst epidemic on the Internet.

    It installs a programme that directs infected computers to launch so-called denial-of-service attacks on Microsoft's main corporate website.

    Mydoom spreads through e-mail attachments and downloads from the popular Kazaa file-sharing service, which lets Internet surfers share content such as games, movies and music.

    California-based Panda Software said Mydoom.A was still spreading rapidly, even though individual computer users may be seeing fewer infected e-mails.

    It said one in every five e-mails is carrying this worm, making four million infected e-mails in circulation and slowing down Internet traffic around the world.

    The virus has attacked Windows
    based machines

    Junk mail

    An expert from Kaspersky Labs, Alexander Gostiyev, told a newsconference in Moscow that the creators of the virus were not aiming to disrupt Internet traffic but use infected computers to distribute unsolicited junk mail.

    The attack "was very well planned and prepared, perhaps for several months' and at least 1000 computers were infected in advance," Gostiyev said.

    "The virus could be of use above all to criminal groups seeking to distribute spams," he added.

    Commercial footing

    Another representative of the Internet security firm said that the generation of computer experts in Russia who unleashed viruses in the 1990s merely wanted to create havoc but this was no longer the case.

    "The virus creators have moved onto a commercial footing. They are financed by groups which make their money from spam," Alexei Zernov told AFP.

    Kaspersky Labs describes itself as one of the world's top 10 anti-virus firms and has offices in nine countries including the United States, Germany, Britain, Japan and France.

    According to the security firm, some 600,000 or so computers have been infected by the bug.



    Survivor stories from Super Typhoon Haiyan

    Survivor stories from Super Typhoon Haiyan

    The Philippines’ Typhoon Haiyan was the strongest storm ever to make landfall. Five years on, we revisit this story.

    How Moscow lost Riyadh in 1938

    How Moscow lost Riyadh in 1938

    Russian-Saudi relations could be very different today, if Stalin hadn't killed the Soviet ambassador to Saudi Arabia.

    Thou Shalt Not Kill: Israel's Hilltop Youth

    Thou Shalt Not Kill: Israel's Hilltop Youth

    Meet the hardline group willing to do anything, including going against their government, to claim land for Israel.