Mydoom.m: search engines suffer along with users

27 Jul 2004
Virus News

Kaspersky Lab, a leading information security software developer, has detected Mydoom.m, a new version of I-Worm.Mydoom. This malicious program spreads via the Internet as an attachment to infected messages. However, this latest addition to the Mydoom family uses a unique propagation technique that caused several well-known search engines - Google, Yahoo!, Lycos and AltaVista - to malfunction.

Mydoom.m is activated when a user opens an attachment to an infected message. The worm installs itself to the system, and then propagates by scanning files on the victim machine. It sends a copy of itself to all email addresses which it finds. It then sends a search request to Google, Yahoo!, Lycos and AltaVista, analyses the data it receives and sends itself to email addresses contained in the search results. The large number of requests generated by machines infected by Mydoom.m led to disruptions in the service provided by these search engines.
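The search-engine traffic described above is visible at a web proxy or gateway. As an added example (not Kaspersky's code), the sketch below flags clients that send a burst of requests spread across several of the four engines named here; the log line format, the sample data and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The four engines named in the article, matched as domain suffixes.
ENGINES = ("google.com", "yahoo.com", "lycos.com", "altavista.com")

def engine_of(host):
    """Return the engine a hostname belongs to, or None (no substring matches)."""
    host = host.lower().rstrip(".")
    for engine in ENGINES:
        if host == engine or host.endswith("." + engine):
            return engine
    return None

def flag_hosts(lines, window_s=60, min_requests=8, min_engines=3):
    """Flag clients with >= min_requests search requests inside window_s seconds
    that touch >= min_engines different engines. Thresholds are assumed values.
    Assumed line format: '<ISO timestamp> <client ip> <host> <path>'."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)            # client -> (timestamp, engine) pairs
    flagged = {}                           # client -> (first alert time, engines)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                       # skip malformed lines
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        client, engine = parts[1], engine_of(parts[2])
        if engine is None:
            continue                       # not search-engine traffic
        q = recent[client]
        q.append((ts, engine))
        while ts - q[0][0] > window:       # drop requests older than the window
            q.popleft()
        engines = {e for _, e in q}
        if client not in flagged and len(q) >= min_requests and len(engines) >= min_engines:
            flagged[client] = (ts, sorted(engines))
    return flagged

def sample_log():
    """Constructed sample: one noisy client, one ordinary user, one bad line."""
    base = datetime(2004, 7, 27, 9, 0, 0)
    hosts = ["www.google.com", "search.yahoo.com", "search.lycos.com", "www.altavista.com"]
    lines = [f"{(base + timedelta(seconds=2 * i)).isoformat()} 10.0.0.5 {hosts[i % 4]} /search"
             for i in range(12)]
    lines += [f"{(base + timedelta(minutes=5 * i)).isoformat()} 10.0.0.9 www.google.com /search"
              for i in range(3)]
    return lines + ["garbage line"]

if __name__ == "__main__":
    for client, (when, engines) in flag_hosts(sample_log()).items():
        print(client, when.isoformat(), ",".join(engines))
```

A flagged client is a lead for triage, not a verdict: the thresholds need tuning against normal browsing on the network being monitored.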

Mydoom.m didn't only cause search engines to malfunction; its main malicious payload is a backdoor function. Once the worm has penetrated the victim machine, it opens a port to receive remote commands. Virus writers will then have full control over the infected machine, and will be able to delete or modify data, steal information, and install other programs at will.

An urgent update for Kaspersky® Anti-Virus databases has already been released, and a detailed description of I-Worm.Mydoom.m is now available in the Kaspersky Virus Encyclopaedia.