Last Updated on May 25, 2020 by Dave Farquhar
Just in case anybody is curious, my employer’s virus scanners filtered roughly 3,000 copies of Novarg (a.k.a. My Doom) during working hours yesterday. If that’s not a record for us, it approaches it. I know we weren’t the only one.
I’ve heard Novarg/MyDoom/My Doom called the fastest spreading virus yet. I don’t have statistics on prior viruses with me, but suffice it to say, its impact certainly felt similar to the big names from the past.
Although SCO would like people to believe it was written by a Linux zealot, I’m more inclined to believe it was created by organized crime. Maybe the creators hate SCO, or maybe the anti-SCO DDoS was just an added touch to throw investigators off.
LoveLetter was the first virus outbreak to really have much impact on my professional career, and I noticed something about it. Prior to LoveLetter, I never, ever got spam at work. Not once. After LoveLetter, I started getting lots of it. I don’t believe LoveLetter’s intent was to gather e-mail addresses for spammers, but I do believe that more than one spammer, probably independently, noticed that viruses were a very efficient way to gather a large number of e-mail addresses.
I got spam before LoveLetter, and I saw viruses before LoveLetter. But I started seeing a lot more of both very soon after LoveLetter.
I don’t buy any giant conspiracy to sell anti-virus software, nor do I buy any giant conspiracy against SCO. I do believe in bored people with nothing better to do than to write viruses, and I also believe in people who can profit off their side effects.
I’ve said it once and I’ll say it again. If you run Windows, you must run anti-virus software. You can download Grisoft AVG anti-virus software for free. Don’t open unexpected e-mail attachments, even from people you know. Even if it looks safe. Don’t send unexpected e-mail attachments either–you don’t want anyone to get the idea that’s normal. Quite frankly, in this day and age, there’s no reason to open any piece of e-mail that looks suspicious for any reason. I told someone yesterday that this is war. And I think that’s pretty accurate.
If you’re an intrepid pioneer, there’s something else you can do too, in order to be part of the solution. If you join the Linux revolution, you can pretty much consider that computer immune. Macintoshes are slightly less immune, but certainly much less vulnerable than Windows. Amiga… Well, I haven’t seen the words “Amiga” and “virus” in the same sentence since 1991 or 1992. But one thing is certain: a less homogenous field is less susceptible to things like this.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
5 thoughts on “MyDoom/Novarg Gloom”
I prefer F-Prot for DOS
used with Art’s F-Prot DOS interface.
My ISP is trapping the virus/worm, but continuing to deliver the bogus messages. Sort of a waste of everyone’s time and effort, if you ask me. Why bother telling me you deleted an attachment if the source of the offending message isn’t known to me in the first place? Why not just delete the entire message, and not bother relaying it to me?
SBC seems to be doing that. I haven’t gotten any, but my dad informed me he’s getting a lot of E-Mails from Yahoo/SBC saying they have removed the offending attachment, and sending the email message itself on.
In all fairness, it’s much easier for antivirus software to strip the offending attachment than it is to decide whether that message was sent by the virus or a person. I suspect it’s our spam filtering software at work that’s keeping me from getting those fake bounce messages with the attachment removed.
With each of these outbreaks, I keep hoping people will learn. Maybe they will before I reach retirement age.
Let’s face it – the ISPs are probably going to think it’s in their interests to SHOW you how diligently they’re trapping the virus, while not delivering the virus to you or clogging up their storage with it.
Me – I think probably the only thing that’s saving us from a situation worse than that of SoBig is that, purely fortuitously, this worm is much smaller than the previous one. Storage is not filling up as rapidly, and bandwidth is not being hogged as much.