Internet terrorism fears as virus hits
Date: January 28, 2004
By Chris Jenkins
COMPUTER users worldwide have been caught in the crossfire of an internet attack that experts say could be the precursor to "cyber terrorism".
Just days after the relatively harmless "Bagle" virus, a new internet worm, known as MyDoom, Norvarg or Shimgapi, began appearing yesterday.
The worm has been rated as a high-level security threat.
While Bagle did little more than spread itself, MyDoom packs more malice, being programmed to mount a denial of service attack on US software company SCO's website.
Such an attack aims to bring down a company's systems by flooding them with traffic. While it continues to spread via email, the worm is not scheduled to begin its attack on SCO until February 1.
SCO has made itself unpopular in some computer circles, particularly among users of Linux, an operating system developed on a community basis and shared for free. SCO claimed it had copyright over some parts of Linux, and a legal row developed when the company began demanding licence fees.
A rival to Microsoft's Windows, Linux has gathered a loyal group of supporters.
It is believed the attack on SCO could be the work of an angry Linux supporter.
Australian SCO spokesman Keiran O'Shaugnessy said the company was "keeping an eye" on the threat, but would not speculate on the motivation for the attack or its source. Large denial of service attacks have previously been attempted against the White House and Microsoft.
MyDoom's strike seemed to be the result of a particular issue, managing director of internet security company Symantec John Donovan said. The attack was perhaps a precursor to more serious politically motivated hacking. Research indicated politically motivated attacks would likely increase, he said.
In a worst-case scenario, an internet attack could be combined with a physical attack, such as a bombing, knocking out communications during an emergency.
But a link between the attack and SCO's activities had yet to be proved, and it was more likely that the hacker responsible for MyDoom decided to attack SCO as an afterthought, antivirus research manager for Computer Associates Jakub Kaminski said.
More serious than the attack on SCO was the fact that the worm left a communications port open on the infected computer, allowing it to be remotely accessed by a hacker, he said.
Like Bagle, MyDoom carries its "payload" in an attachment. The email itself can have a number of subject titles, and includes one of several technical-sounding messages referring to the attachment. The attachment must be opened for the worm to work. Once installed, the worm will attempt to email itself out again, and also leaves behind files to spread itself via the internet file-sharing service KaZaa.
Email filtering company MessageLabs reported the first intercepted copy of the virus was sent from Russia. So far, MyDoom has spread through North America, Europe, South America and the Asia Pacific, and last night security experts said its spread was continuing to accelerate.