Russia likely origin of Mydoom worm

A top Russian anti-virus firm said on Friday it had traced the first emails infected with Mydoom to addresses with Russian internet providers and it adds, the worm could be an attempt to distribute spam mail.

“We have special software to monitor Internet traffic across the world. This detected that the first emails infected by the worm came from Russian providers,” Denis Zenkin, spokesman for the Russian security firm Kaspersky Labs told AFP

“But there is a still a 20-percent chance that this was an attempt to mislead. Virus programmers from other countries could have registered an email address in Russia and transmitted their harmful programmes via it,” he said.

Microsoft and SCO, the owner of the Unix operating system, have together offered $500,000 in rewards for information leading to the arrest and prosecution of Mydoom’s creators.

“This worm is a criminal attack,” said Brad Smith, senior vice president and general counsel at the Microsoft software giant.

Variant of version A

MyDoom.B, detected on Wednesday, is a variant of the earlier released MyDoom.A worm, also known as the Novarg worm, which became the worst epidemic on the Internet.

It installs a programme that directs infected computers to launch so-called denial-of-service attacks on Microsoft’s main corporate website.

Mydoom spreads through e-mail attachments and downloads from the popular Kazaa file-sharing service, which lets Internet surfers share content such as games, movies and music.

California-based Panda Software said Mydoom.A was still spreading rapidly, even though individual computer users may be seeing fewer infected e-mails.

It said one in every five e-mails is carrying this worm, making four million infected e-mails in circulation and slowing down Internet traffic around the world.

The virus has attacked Windows based machines

Junk mail

An expert from Kaspersky Labs, Alexander Gostiyev, told a newsconference in Moscow that the creators of the virus were not aiming to disrupt Internet traffic but use infected computers to distribute unsolicited junk mail.

The attack “was very well planned and prepared, perhaps for several months’ and at least 1000 computers were infected in advance,” Gostiyev said.

“The virus could be of use above all to criminal groups seeking to distribute spams,” he added.

Commercial footing

Another representative of the Internet security firm said that the generation of computer experts in Russia who unleashed viruses in the 1990s merely wanted to create havoc but this was no longer the case.

“The virus creators have moved onto a commercial footing. They are financed by groups which make their money from spam,” Alexei Zernov told AFP.

Kaspersky Labs describes itself as one of the world’s top 10 anti-virus firms and has offices in nine countries including the United States, Germany, Britain, Japan and France.

According to the security firm, some 600,000 or so computers have been infected by the bug.