The threat from the MyDoom virus is not limited to high-profile targets such as SCO and Microsoft, and it is unlikely to end on any particular date, analyst firm Gartner has warned.
MyDoom, which appeared in late January, was expected to focus on SCO - which has been engaged in controversial litigation over the alleged use of its proprietary code in Linux - and Microsoft, before "self-terminating" on 12 February.
However, MyDoom is unlikely to disappear because it combines a well-designed transport and payload - in a small, hard-to-detect package - with clever social engineering, said Gartner analyst Martin Reynolds.
“MyDoom has created an army of ‘zombies’ - remote PCs that can be used to execute attackers' future commands,” he said. “These attacks will likely continue after 12 February 2004, and the threat will not end until the MyDoom executable has been removed from all infected PCs.”
Companies should ensure that their internet firewalls and personal firewalls block the targeted internet ports (3198 through 3217) and do not respond to attackers' attempts to find computers using these ports, Reynolds advised.
In addition, they should scan every network-connected PC to identify and remove the MyDoom executable and encourage employees to scan their personal systems using free tools available online.
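One way to check both pieces of advice against firewall logs, as an added example that is not part of the original article: it flags traffic to ports 3198 through 3217 that the firewall accepted or actively rejected instead of silently dropping, grouped by internal host so those PCs can be scanned first. The key=value log format, the field names and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict

PORT_RANGE = range(3198, 3218)  # ports 3198 through 3217, as named in the article

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2004-02-10T09:14:02 action=DROP proto=TCP src=203.0.113.7 dst=10.0.0.21 dpt=3198
2004-02-10T09:14:03 action=ACCEPT proto=TCP src=203.0.113.7 dst=10.0.0.34 dpt=3199
2004-02-10T09:14:05 action=REJECT proto=TCP src=198.51.100.9 dst=10.0.0.21 dpt=3217
2004-02-10T09:15:11 action=ACCEPT proto=TCP src=198.51.100.9 dst=10.0.0.50 dpt=80
2004-02-10T09:15:40 action=DROP proto=TCP src=198.51.100.9 dst=10.0.0.34 dpt=3218
malformed line without fields
2004-02-10T09:16:02 action=ACCEPT proto=UDP src=203.0.113.7 dst=10.0.0.34 dpt=3200
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def audit(log_text):
    """Return {dst_host: sorted [(port, action)]} for in-range traffic that was
    not silently dropped. ACCEPT means the port is reachable; REJECT means the
    firewall answered the probe, which the advice says it should not do."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            port = int(fields["dpt"])
            action, dst = fields["action"].upper(), fields["dst"]
        except (KeyError, ValueError):
            continue  # skip lines that lack the fields or have a bad port
        if port in PORT_RANGE and action != "DROP":
            findings[dst].add((port, action))
    return {host: sorted(hits) for host, hits in findings.items()}


if __name__ == "__main__":
    for host, hits in sorted(audit(SAMPLE_LOG).items()):
        print(host, hits)
```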
However, many employees seem to be apathetic about viruses such as MyDoom, according to a report from market research firm TNS.
The report, commissioned by Novell, revealed that two-thirds of the 1,000 respondents admitted they were unaware of even the most basic virus prevention measures and a third said that they are too busy to check their e-mails before opening them.
In addition, the report said, 90% of employees believe that they have no part to play in preventing the spread of viruses, preferring to leave responsibility to their IT department, software suppliers or the government.