The threat from the MyDoom virus is not limited to high-profile targets such as SCO and Microsoft, and it is unlikely to end on any particular date, analyst firm Gartner has warned.

MyDoom, which appeared in late January, was expected to focus on SCO - which has been engaged in controversial litigation over the alleged use of its proprietary code in Linux - and Microsoft, before "self-terminating" on 12 February.

However, MyDoom is unlikely to disappear because it combines a well-designed transport and payload - in a small, hard-to-detect package - with clever social engineering, said Gartner analyst Martin Reynolds.

“MyDoom has created an army of ‘zombies’ - remote PCs that can be used to execute attackers' future commands,” he said. “These attacks will likely continue after 12 February 2004, and the threat will not end until the MyDoom executable has been removed from all infected PCs.”

Companies should ensure that their internet firewalls and personal firewalls block the targeted internet ports (3198 through 3217) and do not respond to attackers' attempts to find computers using these ports, Reynolds advised.

In addition, they should scan every network-connected PC to identify and remove the MyDoom executable and encourage employees to scan their personal systems using free tools available online.
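
The firewall and scanning advice above can be checked against firewall logs. The following is an added example, not part of the original article: it assumes a hypothetical key=value log format with constructed sample lines, and flags traffic to the quoted port range that was allowed through (PCs to scan first) or answered with a reject (blocked, but the prober still received a reply).

```python
import re
from collections import defaultdict

# Port range exactly as quoted in the article (3198 through 3217 inclusive).
PORT_RANGE = range(3198, 3218)

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2004-02-10T09:14:02 action=DROP src=203.0.113.7 dst=192.0.2.15 dpt=3198
2004-02-10T09:14:03 action=DROP src=203.0.113.7 dst=192.0.2.16 dpt=3199
2004-02-10T09:15:40 action=ACCEPT src=198.51.100.23 dst=192.0.2.31 dpt=3205
2004-02-10T09:16:11 action=REJECT src=203.0.113.7 dst=192.0.2.17 dpt=3217
2004-02-10T09:17:55 action=ACCEPT src=198.51.100.99 dst=192.0.2.15 dpt=80
2004-02-10T09:18:20 action=DROP src=203.0.113.7 dst=192.0.2.18 dpt=3218
malformed line without fields
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dpt=(?P<dpt>\d+)"
)


def audit(log_text):
    """Return (probes per source, hosts reached, hosts that sent a reject)."""
    probes = defaultdict(int)
    reached, rejected = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) not in PORT_RANGE:
            continue  # unparseable line or a port outside the quoted range
        probes[m["src"]] += 1
        if m["action"] == "ACCEPT":
            reached.add(m["dst"])   # firewall gap: scan this PC first
        elif m["action"] == "REJECT":
            rejected.add(m["dst"])  # blocked, but the sender got a reply
    return dict(probes), sorted(reached), sorted(rejected)


if __name__ == "__main__":
    probes, reached, rejected = audit(SAMPLE_LOG)
    for src, count in sorted(probes.items(), key=lambda kv: -kv[1]):
        print(f"{src}: {count} connection attempts to ports 3198-3217")
    print("Allowed through, scan these PCs first:", reached)
    print("Rejected with a reply, switch rule to silent drop:", rejected)
```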

However, many employees seem to be apathetic about viruses such as MyDoom, according to a report from market research firm TNS.

The report, commissioned by Novell, revealed that two-thirds of the 1,000 respondents admitted they were unaware of even the most basic virus prevention measures and a third said that they are too busy to check their e-mails before opening them.

In addition, the report said, 90% of employees believe that they have no part to play in preventing the spread of viruses, preferring to leave responsibility to their IT department, software suppliers or the government.