Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

MyDoom.f Spreads, Deletes Files

MyDoom.f, a worm first discovered last Friday, continues to spread, security experts said Wednesday, and unlike other variants of the persistent MyDoom, it can wreck havoc on the infected machine by randomly deleting files, including documents created with Microsoft Word and Excel.

"This worm is being sighted in larger numbers, suggesting that not all computers are properly protected," said Graham Cluley, senior technology consultant for Sophos.

MyDoom.f, whose payload arrives in an attached file in an e-mail message with a large number of possible subject lines -- including "Read this," "Your order is being processed," and "Bug" -- installs malicious code that, among other tasks, conducts denial-of-service attacks (DoS) against microsoft.com, and riaa.com.

The riaa.com site is the Internet home of the Recording Industry Association of America, the group responsible for bringing lawsuits against illegal music file sharers. Early Tuesday, AlertSite, a Web monitoring firm, reported that riaa.com showed a significant drop in performance due to the DoS attack; between 9 a.m. and noon Tuesday, riaa.com was available only about 74 percent of the time.

"It appears that the site was affected yesterday by the traffic generated by this latest revision of MyDoom," said Ken Godskind, the vice president of AlertSite.

  • 1